$Name: release2_0-16 $
$Id: README,v 1.5 2002/05/02 18:20:16 ttsai Exp $

This directory contains sample buffer overflow exploits.

t1, t3, and t4 are simple examples.

canary-exploit is an example of a format string exploit that overwrites a return address without touching the bytes surrounding the return address, which is where a canary would typically exist.

exploit-non-exec-stack is an example of a return-into-libc exploit that shows how a buffer overflow exploit can work even if the stack is non-executable.

NOTE: The xlock-exploit example has been removed. Because xlock-exploit requires X-Windows libraries to execute, the libsafe RPM packages with xlock-exploit included dependencies on X-Windows. As a result, xlock-exploit has been removed to enable the libsafe RPM package to be installed on systems with no X-Windows installation.

As a demonstration of how libsafe works, do the following:

(1) Build the libsafe shared library and the exploits by executing "make" in the top-level libsafe directory.

(2) Execute each program as is (i.e., without libsafe). For each program, the result should be an interactive shell.

(3) Execute each program with libsafe. The simplest way to do this is to use the "int.sh" script in the ./exploits directory. For example, to execute "t1" with libsafe, execute "int.sh t1". Repeat for t2, t4, and xlock-exploit. For each exploit, libsafe should output a detection message to stderr and add an entry to /var/log/secure.