Execshield and vsspacerandom-Linux general technology-Linux programming and kernel information. The following is a detailed description. Bypass Exec-shield Under Redhat:
0x120-analysis in the execshield environment]
First, let's look at the execshield switch.
[Axis @ axis explab] $ cat/proc/sys/kernel/exec-shield
1
[Axis @ axis explab] $ cat/proc/sys/kernel/randomize_va_space
1
[Axis @ axis explab] $
VA space randomize is a feature of 2.6.x kernel. It randomly changes virtual addresses and greatly increases the overflow difficulty. However, this feature is not covered in this article. However, because it is enabled by default in the kernel of the higher version, we will not close it to increase the difficulty of our challenge.
It seems that exec-shield and vs space random are not the same thing.
I haven't figured it out yet. Let's take a look at debian, as4, and as5
There are some inconsistencies between san and iris systems.
San said that linux-gate is an entry and will not change. Iris uses suse.
Exec-sheild is enabled in the rh kernel. It is enabled by default.
In your own kernel, exec-sheild does not exist, but vs space is enabled by default. I have verified this in the CBD machine.
Exec-sheild should be unexecutable, and then add the Linux kernel's own random base address, red hat is actually quite safe, exp is more difficult to use.
However, a South Korean wrote a code that bypasses exec sheild and is looking for someone to study it.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.