overflow test program available?


Post by heilpern » Sun Dec 22, 2002 2:21 am

I've been using grsecurity for only a short while. I understand that it is supposed to be able to thwart overflow exploits, and I think this is in two manners -- restrictions on what a process can launch (execute ACLs) and pax for more basic memory protection.

Is there somewhere I can download a simple set of test programs -- one with an overflow that can be exploited through commandline arguments, and another to exercise it? I would like to use something like this as a test case for my own inspection of the system.

I recall such an example pair of programs from several years ago -- I believe they may have come with Solar Designer's (antiquated?) linux kernel patch to prevent overflow exploits. I've searched for this and also on the OWL site for such an example, but no luck.
heilpern
 
Posts: 3
Joined: Sun Dec 22, 2002 2:16 am

Re: overflow test program available?

Post by PaX Team » Sun Dec 22, 2002 9:44 am

heilpern wrote:I've been using grsecurity for only a short while. I understand that it is supposed to be able to thwart overflow exploits, and I think this is in two manners -- restrictions on what a process can launch (execute ACLs) and pax for more basic memory protection.
close ;-), but it's a bit of an oversimplification. i suggest that you check out Brad's LSM presentation slides for more info. in short, PaX aims at preventing certain classes of exploits (not only array overflows, and memory protection is just one feature) while the ACL system lets you confine a successful exploit (again, execution restriction is just one feature). ACLs also have more use in that they confine application behaviour in general, regardless of what drives it (careless programmer, trojan horse, successful exploit, etc).
heilpern wrote:Is there somewhere I can download a simple set of test programs -- one with an overflow that can be exploited through commandline arguments, and another to exercise it? I would like to use something like this as a test case for my own inspection of the system.
i have a test program myself, but it wasn't written by me and is considered private, so i can't give it out. however i did want to write my own for some time now, especially since there are more features that need testing than at the beginning. if you're interested in writing one (or anyone else for that matter), i can give you a 'checklist' of what should go into such a tool(set). other than that, you can always try to test on known buggy software and working exploits against it.
heilpern wrote:I recall such an example pair of programs from several years ago -- I believe they may have come with Solar Designer's (antiquated?) linux kernel patch to prevent overflow exploits. I've searched for this and also on the OWL site for such an example, but no luck.
the Owl linux kernel patches have a test program called stacktest.c which works under PaX as well, although it exercises only the non-exec stack and gcc trampoline emulation features.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Thank you :)

Post by heilpern » Sun Dec 22, 2002 12:22 pm

Thanks for your reply! I downloaded owl to use stacktest.c from there, testing it on a grsecurity system as well as a vanilla system, and then on the 'secure' system using chpax to turn off protection, and I am happy with my results.
heilpern
 
Posts: 3
Joined: Sun Dec 22, 2002 2:16 am
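
An added example, not part of the thread and not stacktest.c or any PaX or Owl code: a read-only way to inspect the memory protection discussed above, by parsing /proc/self/maps and flagging an executable stack or heap, or any mapping that is both writable and executable. It assumes Linux procfs, all function and type names are illustrative, and it only reads the permissions the kernel reports without attempting to execute anything.

```c
#include <stdio.h>    /* added example; all names below are illustrative */
#include <string.h>

struct mapping { unsigned long long start, end; char perms[5], path[256]; };
enum finding { CLEAN, WX_MAPPING, EXEC_STACK, EXEC_HEAP };

/* Parse one /proc/<pid>/maps line; returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    int used = 0;
    m->path[0] = '\0';
    if (sscanf(line, "%llx-%llx %4s %*s %*s %*s%n",
               &m->start, &m->end, m->perms, &used) != 3 || used == 0
        || strlen(m->perms) != 4 || m->end <= m->start)
        return 0;
    sscanf(line + used, " %255[^\n]", m->path);   /* path is optional */
    return 1;
}

/* Flag an executable stack or heap, or any writable+executable mapping. */
enum finding classify(const struct mapping *m)
{
    int w = m->perms[1] == 'w', x = m->perms[2] == 'x';
    if (x && strcmp(m->path, "[stack]") == 0) return EXEC_STACK;
    if (x && strcmp(m->path, "[heap]") == 0)  return EXEC_HEAP;
    return (w && x) ? WX_MAPPING : CLEAN;
}

/* Print and count flagged mappings in a maps stream; bad lines are skipped. */
int audit(FILE *fp)
{
    char buf[1024];
    struct mapping m;
    int bad = 0;
    while (fgets(buf, sizeof buf, fp))
        if (parse_maps_line(buf, &m) && classify(&m) != CLEAN) {
            bad++;
            fputs(buf, stdout);
        }
    return bad;
}

int main(void)
{
    FILE *fp = fopen("/proc/self/maps", "r");   /* Linux only */
    int bad = fp ? audit(fp) : -1;              /* -1: procfs unavailable */
    if (fp) fclose(fp);
    printf("flagged mappings: %d\n", bad);
    return bad != 0;
}
```

Running it on a protected system and again on one with the protection switched off gives a quick comparison of what the kernel reports for the same binary.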
