  • Alain O'Dea thinks this is interesting:

After compilation in the sample output below


Cover of Hacking: The Art of Exploitation, 2nd Edition


Add -fno-stack-protector to make this vulnerability usable on Ubuntu. This is also assuming 32-bit addressing. When targeting x86_64, GCC defaults to 16-byte stack alignment, so the attack vector needs to exceed 16 bytes to show interesting results. GCC 4.1 added a stack protector mechanism involving canaries, hidden variables at the head of the stack. It injects checks for changes to the value of these variables indicating that stack smashing has occurred. On Ubuntu 14.04 the default compiler arguments include -fstack-protector.
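The canary check described in the note, modelled in portable C as an added example (not code from the book or from the note's author). The names `ssp_mode`, `frame_model` and `guarded_copy` and the constant `GUARD_REF` are hypothetical; the copy is confined to one struct so the model stays well-defined, whereas the real check is emitted by the compiler in the function prologue and epilogue.

```c
#include <stdio.h>
#include <string.h>

/* Report the protector mode via the macros GCC predefines for each flag. */
const char *ssp_mode(void) {
#if defined(__SSP_ALL__)
    return "-fstack-protector-all";
#elif defined(__SSP_STRONG__)
    return "-fstack-protector-strong";
#elif defined(__SSP_EXPLICIT__)
    return "-fstack-protector-explicit";
#elif defined(__SSP__)
    return "-fstack-protector";
#else
    return "not enabled or not reported";
#endif
}

/* Constructed reference value; a real canary is chosen at process start. */
#define GUARD_REF 0x5AFEC0DEu

/* Model of a protected frame: the guard sits directly after the buffer. */
struct frame_model {
    char buf[16];
    unsigned int guard;
};

/* Returns 0 if the guard survived the copy, 1 if it was changed,
 * -1 if len does not fit inside the model object at all. */
int guarded_copy(const void *src, size_t len) {
    struct frame_model f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD_REF;            /* "prologue": place the canary */
    if (len > sizeof f)
        return -1;                  /* never write outside the model */
    memcpy(&f, src, len);           /* copy that ignores sizeof f.buf */
    return f.guard != GUARD_REF;    /* "epilogue": compare before returning */
}

int main(void) {
    char in[20];
    memset(in, 'A', sizeof in);
    printf("compiled with: %s\n", ssp_mode());
    printf("16 bytes -> %d\n", guarded_copy(in, 16)); /* fits the buffer */
    printf("20 bytes -> %d\n", guarded_copy(in, 20)); /* runs into guard */
    return 0;
}
```

Building the same file once with `-fstack-protector` and once with `-fno-stack-protector` changes only the first line of output, which makes it a quick check of what a given toolchain enables by default.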