I'm working on a homework problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on ubuntu linux, but can't figure out which flags are are the right ones. I realize it's architecture dependant - my machine runs w/ 32-bit Intel processor.
Thanks.
This question is related to
c
gcc
buffer-overflow
compiler-optimization
Urm, all of the answers so far have been wrong with Rook's answer being correct.
Entering:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Followed by:
gcc -fno-stack-protector -z execstack -o bug bug.c
Disables ASLR, SSP/Propolice and Ubuntu's NoneXec (which was placed in 9.10, and fairly simple to work around see the mprotect(2) technique to map pages as executable and jmp) should help a little, however these "security features" are by no means infallible. Without the `-z execstack' flag, pages have non-executable stack markings.
Try the -fno-stack-protector
flag.
You don't need to disable ASLR in order to do a buffer overflow! Although ASLR is enabled (kernel_randomize_va_space = 2
), it will not take effect unless the compiled executable is PIE. So unless you compiled your file with -fPIC -pie
flag, ASLR will not take effect.
I think only disabling the canaries with -fno-stack-protector
is enough.
If you want to check if ASLR is working or not (Position independent code must be set), use:
hardening-check executable_name
On newer distros (as of 2016), it seems that PIE is enabled by default so you will need to disable it explicitly when compiling.
Here's a little summary of commands which can be helpful when playing locally with buffer overflow exercises in general:
Disable canary:
gcc vuln.c -o vuln_disable_canary -fno-stack-protector
Disable DEP:
gcc vuln.c -o vuln_disable_dep -z execstack
Disable PIE:
gcc vuln.c -o vuln_disable_pie -no-pie
Disable all of protection mechanisms listed above (warning: for local testing only):
gcc vuln.c -o vuln_disable_all -fno-stack-protector -z execstack -no-pie
For 32-bit machines, you'll need to add the -m32
parameter as well.
I won't quote the entire page but the whole manual on optimisation is available here: http://gcc.gnu.org/onlinedocs/gcc-4.4.3/gcc/Optimize-Options.html#Optimize-Options
From the sounds of it you want at least -O0
, the default, and:
-fmudflap -fmudflapth -fmudflapir
For front-ends that support it (C and C++), instrument all risky pointer/array dereferencing operations, some standard library string/heap functions, and some other associated constructs with range/validity tests. Modules so instrumented should be immune to buffer overflows, invalid heap use, and some other classes of C/C++ programming errors. The instrumentation relies on a separate runtime library (libmudflap), which will be linked into a program if -fmudflap is given at link time. Run-time behavior of the instrumented program is controlled by the MUDFLAP_OPTIONS environment variable. See env MUDFLAP_OPTIONS=-help a.out for its options.
Source: Stackoverflow.com