Buffer Overflow Attack

Published on Dec 17, 2015


By combining the C programming language's liberal approach to memory handling with a specific Linux filesystem permission, the set-UID bit, an attacker can manipulate the operating system into granting unrestricted privilege to an otherwise unprivileged account.

The class of exploit that relies on these two factors is commonly known as a buffer overflow, or stack smashing, attack. Stack smashing has played an important role in high-profile computer security incidents. To secure modern Linux systems it is necessary to understand why stack smashing occurs and what can be done to prevent it.
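The following is an added example, not code from the original page: the smallest form of the bug the article is about, a fixed-size stack buffer filled by strcpy() with no length check, placed next to a bounded version that rejects input that would not fit. The buffer size and the function names are illustrative choices.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative buffer size (an assumption, not from the page). */
#define BUF_SIZE 16

/* Deliberately vulnerable: the classic unchecked copy into a fixed stack
 * buffer. strcpy() copies until it meets a NUL, so an input of BUF_SIZE or
 * more bytes writes past the end of buf into whatever lies above it on the
 * stack: other locals, the saved frame pointer and, eventually, the saved
 * return address. Do not call it with such input: with gcc's
 * -fstack-protector the process aborts with "stack smashing detected",
 * without it the behaviour is undefined. */
void vulnerable_greet(const char *name)
{
    char buf[BUF_SIZE];
    strcpy(buf, name);            /* no length check: this is the bug */
    printf("hello, %s\n", buf);
}

/* Hardened counterpart: the input length is checked against the buffer
 * (including room for the terminating NUL) before a single byte is written.
 * Returns 0 on success, -1 if the input is rejected. */
int safe_greet(const char *name)
{
    char buf[BUF_SIZE];
    size_t len = strlen(name);
    if (len >= sizeof buf)
        return -1;                /* refuse rather than truncate silently */
    memcpy(buf, name, len + 1);   /* copies the NUL too */
    printf("hello, %s\n", buf);
    return 0;
}

/* Pure helper: would an input of this many bytes overflow a BUF_SIZE buffer? */
int would_overflow(size_t input_len)
{
    return input_len >= BUF_SIZE;
}

int main(void)
{
    const char *long_name = "this-name-is-far-too-long-for-the-buffer";

    vulnerable_greet("alice");    /* 5 bytes + NUL: fits, no harm done */
    safe_greet("alice");

    /* The same overlong input that would smash the stack in vulnerable_greet
     * is simply refused by safe_greet. */
    if (safe_greet(long_name) < 0)
        printf("rejected %zu-byte name\n", strlen(long_name));
    return 0;
}
```

Compile once with `gcc -fno-stack-protector` and once with `gcc -fstack-protector-all`, call vulnerable_greet() with the long name, and compare what happens; the second build aborts on return from the function, the first does whatever the overwritten saved registers dictate.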


To understand what goes on, some C and assembly knowledge is required. Familiarity with virtual memory and some operating-system essentials, for example how a process is laid out in memory, will be helpful. You MUST know what a setuid binary is, and you need to be able to at least use a Linux system. Experience with gdb and cc is a real advantage. This document is Linux/ix86 specific; the details differ depending on the operating system and architecture you are using. Here I have tried out some small buffer overflows that are easy to grasp. The prerequisites listed above are explained in some detail below.

Linux File System Permissions

In order to better understand stack smashing vulnerabilities, it is first necessary to understand certain features of filesystem permissions in the Linux operating system. Privilege in Linux is invested solely in the user root, sometimes called the superuser, and root is trusted unconditionally, including in every program it executes. The superuser is the main security weakness in the Linux operating system: because the superuser can do anything, a person who gains superuser privileges, for example by learning the root password and logging in as root, can do virtually anything to the system.

This explains why most attackers who break into Linux systems try to become the superuser. Each program (process) started by the root user inherits root's all-inclusive privilege, and in most cases that privilege is passed on to any programs spawned by root's running processes. The Set-UID (SUID) permission in the Linux operating system grants a user the privilege to run a program as another user (the Linux kernel honours the bit only on native executables, not on interpreted shell scripts).

In the Linux operating system the process that executes a program normally runs as the user who started it. The SUID permission bit on the file tells the operating system to run the program under the file owner's user ID instead of the user ID of the person who executed it. SUID programs are often owned by root: while such a program may be executable by an unprivileged user, it runs in memory with unrestricted access to the system. SUID root permission is thus used to grant an unprivileged user temporary, and necessary, use of privileged resources. Many Linux programs need to run with superuser privileges.

These programs run as SUID root programs, are started when the system boots, or run as network servers. A single bug in any of these complex programs can compromise the safety of the entire system. This characteristic is arguably a design flaw, but it is basic to the design of Linux and not likely to change. Exploiting this "feature turned design flaw" is central to constructing buffer overflow exploits.
