I’m testing a simple buffer overflow on Ubuntu 22.04 (kernel 6.8.0-52-generic) and encountering this issue:
I can overwrite RIP with only 6 bytes. If I try to overwrite all 8 bytes, RIP resets to a valid address instead of the corrupted address.
vuln.c
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char name[64];
    strcpy(name, argv[1]); // No bounds checking = buffer overflow
    printf("Arg[1] is :%s\n", name);
    return 0;
}
gdb outputs
Tried both GCC 11 and GCC 9. Compiled with -fno-stack-protector -no-pie -z execstack -fcf-protection=none -Wl,-z,norelro. Haven't changed anything. Checked with checksec and dmesg. Protections look closed.
checksec and other stuff
What security mitigation could be preventing me from overwriting the last 2 bytes of RIP?
Tags: security; Why Can I Only Overwrite 6 Bytes of RIP in a Buffer Overflow on Ubuntu 22.04; Stack Overflow