Martin @ Blog

software development and life.


Linux security

For a course which I am currently following at the university, we got the exercise to try some exploit methods on Linux. While I did not have much knowledge about such things, I am enjoying trying to breach security measures more and more. A few weeks ago we had to find websites which were vulnerable to SQL injections, which was rather easy. Last week we got the exercise to exploit races in setuid programs in order to overwrite a file which the user has no permission to overwrite. To my surprise this was rather easy (of course we had a simple program to exploit, which makes things a lot easier).
Today I decided to look into buffer overflow exploits. While this was actually an exercise a few weeks ago, I didn’t have time then to look into it thoroughly. There are some very interesting papers on this subject available on the internet (I don’t link them here, because finding the website for the course is also an exercise for new students).
I tried some of the examples described in the various articles on my server (because my desktop currently runs Mac OS X). To my surprise most of the stuff didn’t work. At first I thought I was doing things incorrectly, but further investigation proved that it was caused by the OS. I knew that at least FC3 has improved security in comparison with other distros, but FC2 also has some enhancements. It contains kernel patches which provide a non-executable stack… this makes exploiting a buffer overflow a lot harder, but (as far as I know) not impossible. I also think that I have found a tool in Mac OS X which has a security issue, but I’m not sure if it is exploitable… a nice exercise.
