Tuesday, May 30, 2023

Linux Stack Protection By Default

A modern gcc compiler (v9.2.0) protects the stack by default. You will notice because a stack overflow gives you a SIGABRT instead of a SIGSEGV, though it still generates core dumps.




In this case the compiler adds the variable local_10. This variable holds a canary value that is checked at the end of the function.
The memset overflows the four-byte stack variable and modifies the canary value.



The 64-bit canary 0x5429851ebaf95800 can't be predicted, but in specific situations it is not regenerated and can be brute-forced, and in other situations it can be leaked from memory, for example using a format string vulnerability or an arbitrary read, without overflowing the stack.

If the canary doesn't match, the libc function __stack_chk_fail is called and terminates the program with SIGABRT, which generates a core dump. On Arch Linux, core dumps are managed by systemd and stored in "/var/lib/systemd/coredump/".


❯❯❯ ./test 
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx: 
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 
core.test.1000.c611b : decoded 249856 bytes 

 ❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q 


We pass the binary and the core file to gdb as parameters. There is only one LWP (light-weight process, i.e. a Linux thread), so in this case it is quicker to check. First, let's look at the backtrace, because in this case execution doesn't terminate at the segfaulting return.




In frame 5 we can see the address where it would have returned to main if it had not aborted.



Happy idea: we can use these stack canary aborts to detect stack overflows. In Debian with previous versions it will be exploitable depending on the compilation flags used.
Also note that the canary is located as the last variable in the stack, so the previous variables can be overwritten without problems.
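
A small triage harness for the idea above, added here as an example and not code from the original post: it runs a function in a child process and reports the terminating signal, so a canary abort (SIGABRT) can be told apart from an unprotected crash (SIGSEGV). All function names are hypothetical, and `smash()` only aborts on the canary when the file is built with stack protection, for example `gcc -fstack-protector-strong`.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Overflows a four-byte stack variable, as in the post. The length is
 * volatile so the compiler cannot diagnose the overflow at build time. */
__attribute__((noinline)) static void smash(void)
{
    char small[4];
    volatile size_t len = 64;            /* constructed value */
    memset(small, 'A', len);             /* runs past small[] into the canary */
    volatile char sink = small[0];       /* keep the store from being elided */
    (void)sink;
}

static void clean(void) { }
static void plain_abort(void) { abort(); }

/* Run fn in a child; return the signal that killed it, 0 if it exited
 * normally, -1 if fork or waitpid failed. */
static int run_and_classify(void (*fn)(void))
{
    int status;
    fflush(NULL);                        /* do not duplicate buffered output */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

static const char *verdict(int sig)
{
    if (sig == SIGABRT) return "SIGABRT: canary check (or another abort) fired";
    if (sig == SIGSEGV) return "SIGSEGV: crashed without a canary abort";
    return sig == 0 ? "exited normally" : "other signal or harness error";
}

int main(void)
{
    printf("clean: %s\n", verdict(run_and_classify(clean)));
    printf("abort: %s\n", verdict(run_and_classify(plain_abort)));
    printf("smash: %s\n", verdict(run_and_classify(smash)));
    return 0;
}
```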



