"Fossies" - the Fresh Open Source Software Archive 
Member "libsafe-2.0-16/exploits/README" (2 May 2002, 1487 Bytes) of package /linux/misc/old/libsafe-2.0-16.tgz:
$Name: release2_0-16 $
$Id: README,v 1.5 2002/05/02 18:20:16 ttsai Exp $

This directory contains sample buffer overflow exploits. t1, t3, and t4 are
simple examples. canary-exploit is an example of a format string exploit that
overwrites a return address without touching the bytes surrounding the return
address, which is where a canary would typically exist. exploit-non-exec-stack
is an example of a return-into-libc exploit that shows how a buffer overflow
exploit can work, even if the stack is non-executable.

NOTE: The xlock-exploit example has been removed. Because xlock-exploit
requires X-Windows libraries to execute, the libsafe RPM packages with
xlock-exploit included dependencies on X-Windows. As a result, xlock-exploit
has been removed to enable the libsafe RPM package to be installed on systems
with no X-Windows installation.

As a demonstration of how libsafe works, do the following:
(1) Build the libsafe shared library and the exploits by executing "make" in
    the top-level libsafe directory.
(2) Execute each program as is (i.e., without libsafe). For each program, the
    result should be an interactive shell.
(3) Execute each program with libsafe. The simplest way to do this is to use
    the "int.sh" script in the ./exploits directory. For example, to
    execute "t1" with libsafe, execute "int.sh t1". Repeat for t2, t4, and
    xlock-exploit. For each exploit, libsafe should output a detection
    message to stderr and add an entry to /var/log/secure.