From: rajat swarup (rajats@gmail.com)
Date: Fri May 18 2007 - 17:40:19 EDT
On 5/18/07, Mike Gibson <micheal.gibson@gmail.com> wrote:
> I have a custom application that I am using to learn a little more
> about format string vulnerabilities. It is basically an echo server. I
> have been able to exploit the vulnerability and write data to memory
> on the server however the problem I am seeing is that I want to
> overwrite EIP but every time the application runs the stack seems to
> be at a different location.
>
> Does anyone know if Red Hat 9 has any form of stack protection? If so
> is there a way to disable it?
>
Red hat 9 randomizes stack addresses. You can disable it by using:
echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf
/sbin/sysctl -p /etc/sysctl.conf
James foster's book says:
"You can disable ExecShield with the command:
sysctl -w kernel.exec-shield=0
or just the randomization with the command:
sysctl -w kernel.exec-shield-randomize=0"
Please let me know how it works out.
HTH,
Rajat Swarup
http://rajatswarup.blogspot.com/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:48 EDT