"Fossies" - the Fresh Open Source Software Archive

Member "libsafe-2.0-16/exploits/README" (2 May 2002, 1487 Bytes) of package /linux/misc/old/libsafe-2.0-16.tgz:


$Name: release2_0-16 $
$Id: README,v 1.5 2002/05/02 18:20:16 ttsai Exp $

This directory contains sample buffer overflow exploits.  t1, t3, and t4 are
simple examples.  canary-exploit is an example of a format string exploit that
overwrites a return address without touching the bytes surrounding the return
address, which is where a canary would typically exist.  exploit-non-exec-stack
is an example of a return-into-libc exploit that shows how a buffer overflow
exploit can work, even if the stack is non-executable.

NOTE:  The xlock-exploit example has been removed.  Because xlock-exploit
requires X-Windows libraries to execute, the libsafe RPM packages with
xlock-exploit included dependencies on X-Windows.  As a result, xlock-exploit
has been removed to enable the libsafe RPM package to be installed on systems
with no X-Windows installation.

As a demonstration of how libsafe works, do the following:
(1) Build the libsafe shared library and the exploits by executing "make" in
	the top-level libsafe directory.
(2) Execute each program as is (i.e., without libsafe).  For each program, the
	result should be an interactive shell.
(3) Execute each program with libsafe.  The simplest way to do this is to use
	the "int.sh" script in the ./exploits directory.  For example, to
	execute "t1" with libsafe, execute "int.sh t1".  Repeat for t2, t4, and
	xlock-exploit.  For each exploit, libsafe should output a detection
	message to stderr and add an entry to /var/log/secure.