I'm reading about BOF (buffer overflow) attacks; one way to prevent them is by making the stack or heap non-executable. But that doesn't mean that we can't have a local variable. I didn't see any new behavior from making the stack non-executable. What is the major difference between an executable and an NX stack, in terms of BOF?
1
votes
2 Answers
0
votes
The stack-based buffer overflow attack works by
- overwriting the return address, and
- placing the malicious code further up the stack.
The new value of the return address points to the proper place inside the malicious code. When the function returns, it returns into the malicious code, which begins to execute.
But recall that it is on the stack. If the stack is not executable, the program just crashes, without executing the bad stuff.
0
votes
I have now grasped what an executable stack means. Computer instructions are stored in the .text section. The stack section contains function arguments and local variables; we can also store instructions there, since they are byte code. But by default the CPU won't execute instructions stored on the stack, so to make the CPU execute our code stored on the stack we have to tell it to by making the stack executable.
gcc -m32 -z execstack -o shell exploit.c