Lead Image © Maksim Kabou, 123RF.com

Lead Image © Maksim Kabou, 123RF.com

From debugging to exploiting

Secure Code

Article from ADMIN 25/2015
By
Kernel and compiler security techniques, together with sound programming practices, fend off memory corruption exploits.

A number of modern protections are used to make software a bit more secure. Some of these are kernel based, whereas others are compiler based. In this article, I present a proof of concept capable of bypassing protections and exploiting code.

Many published papers have focused on the exploitation of ELF (executable and linkable format) binaries – a Linux standard file format – which bypasses modern protection techniques. (Table 1 lists a few techniques discussed in this article.) However, in some scenarios in which security has not historically been in the forefront, these protections are never applied, or, if so, the software holds many flaws that can still lead to a successful exploitation.

Table 1

Security Techniques

Acronym Method
ASLR Address space layout randomization
NX/DEP No-execute bit/data execution prevention
RELRO Relocation read-only
SSP Stack smashing protector
PIE Position-independent executable

Modern

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=