Security/System 2010. 6. 19. 16:01
랜덤스택인지 확인
[bslime@bslime-server ~]$ cat /proc/sys/kernel/randomize_va_space
2
실행 가능 메모리인지 확인
[bslime@bslime-server ~]$ cat /proc/sys/kernel/randomize_va_space
2
실행 가능 메모리인지 확인
[bslime@bslime-server ~]$ cat /proc/sys/kernel/exec-shield
1
1
위와 같이 랜덤스택 인데다가, 코드 영역 외 실행 불가 메모리 일지라도 컴파일 환경에 따라 파일이 갖고 있는 권한이 다르기 때문에 추가적으로 더 확인을 해준다,
[bslime@bslime-server ~]$ gdb -q vuln
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) b main
Breakpoint 1 at 0x804846a
(gdb) r
Starting program: /home/bslime/vuln
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Breakpoint 1, 0x0804846a in main ()
Missing separate debuginfos, use: debuginfo-install glibc.i686
(gdb) shell
[bslime@bslime-server ~]$ ps
PID TTY TIME CMD
15966 pts/0 00:00:04 bash
16161 pts/0 00:00:00 gdb
16162 pts/0 00:00:00 vuln
16165 pts/0 00:00:00 bash
16191 pts/0 00:00:00 ps
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) b main
Breakpoint 1 at 0x804846a
(gdb) r
Starting program: /home/bslime/vuln
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Breakpoint 1, 0x0804846a in main ()
Missing separate debuginfos, use: debuginfo-install glibc.i686
(gdb) shell
[bslime@bslime-server ~]$ ps
PID TTY TIME CMD
15966 pts/0 00:00:04 bash
16161 pts/0 00:00:00 gdb
16162 pts/0 00:00:00 vuln
16165 pts/0 00:00:00 bash
16191 pts/0 00:00:00 ps
[bslime@bslime-server ~]$ cat /proc/16162/maps
00110000-00111000 r-xp 00110000 00:00 0 [vdso]
00123000-00125000 rwxp 00123000 00:00 0
0035f000-0037a000 r-xp 00000000 fd:00 24184311 /lib/ld-2.7.so
0037a000-0037b000 r-xp 0001a000 fd:00 24184311 /lib/ld-2.7.so
0037b000-0037c000 rwxp 0001b000 fd:00 24184311 /lib/ld-2.7.so
0037e000-004d1000 r-xp 00000000 fd:00 24184312 /lib/libc-2.7.so
004d1000-004d3000 r-xp 00153000 fd:00 24184312 /lib/libc-2.7.so
004d3000-004d4000 rwxp 00155000 fd:00 24184312 /lib/libc-2.7.so
004d4000-004d7000 rwxp 004d4000 00:00 0
08048000-08049000 r-xp 00000000 fd:00 31358983 /home/bslime/vuln
08049000-0804a000 rwxp 00000000 fd:00 31358983 /home/bslime/vuln
bf887000-bf89c000 rwxp bffeb000 00:00 0 [stack]
00123000-00125000 rwxp 00123000 00:00 0
0035f000-0037a000 r-xp 00000000 fd:00 24184311 /lib/ld-2.7.so
0037a000-0037b000 r-xp 0001a000 fd:00 24184311 /lib/ld-2.7.so
0037b000-0037c000 rwxp 0001b000 fd:00 24184311 /lib/ld-2.7.so
0037e000-004d1000 r-xp 00000000 fd:00 24184312 /lib/libc-2.7.so
004d1000-004d3000 r-xp 00153000 fd:00 24184312 /lib/libc-2.7.so
004d3000-004d4000 rwxp 00155000 fd:00 24184312 /lib/libc-2.7.so
004d4000-004d7000 rwxp 004d4000 00:00 0
08048000-08049000 r-xp 00000000 fd:00 31358983 /home/bslime/vuln
08049000-0804a000 rwxp 00000000 fd:00 31358983 /home/bslime/vuln
bf887000-bf89c000 rwxp bffeb000 00:00 0 [stack]
[bslime@bslime-server ~]$
