4
在內核中具有PaX的linux上溢出緩衝區是否可行?我想通過使用適當的輸入來更改返回地址來利用可執行文件。我使用的是Ubuntu 10.04,我使用paxtest來測試它,但我不知道結果的含義。這是我的系統中paxtest的結果:PaX和緩衝區溢出
Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect): Vulnerable Executable stack (mprotect) : Vulnerable Anonymous mapping randomisation test : 12 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 14 bits (guessed) Main executable randomisation (ET_EXEC) : 12 bits (guessed) Main executable randomisation (ET_DYN) : 12 bits (guessed) Shared library randomisation test : 12 bits (guessed) Stack randomisation test (SEGMEXEC) : 19 bits (guessed) Stack randomisation test (PAGEEXEC) : 19 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (strcpy, RANDEXEC) : Vulnerable Return to function (memcpy) : Vulnerable Return to function (memcpy, RANDEXEC) : Vulnerable Executable shared library bss : Vulnerable Executable shared library data : Killed Writable text segments : Vulnerable
您是否要求StackOverflow社區幫助您創建自己的受PaX保護的Linux內核漏洞利用? 。 。 。 :-D。 。 。 – paercebal 2011-06-16 12:37:22
:D,對不起,我對此不太瞭解,我只是在研究緩衝區溢出問題,但根據您的迴應,我認爲這並不容易。 thx雖然 – MKoosej 2011-06-17 20:23:33