buffer overflow on cygwin vs solaris.

2005-11-16 Thread Song Ken Vern-E11804
Hi, 

I am working through some examples in the buffer overflow tutorial at 
http://www.wbglinks.net/pages/reads/wbgreads/bofs/bof07.html

One of the sample programs used is this:

#include <syslog.h>

char buffer[4028];

int main(void) {

   int i;

   /* Fills the whole array with 'A' (and one byte past it) without
      ever writing a terminating NUL. */
   for (i=0; i<=4028; i++)
      buffer[i]='A';

   /* Hands the unterminated buffer to syslog() as the format string
      itself; this is the call the tutorial relies on to crash Solaris. */
   syslog(LOG_ERR, buffer);

   return 0;
}

According to the tutorial, it should produce this output:
bash$ gcc -g buf.c -o buf
bash$ buf
Segmentation fault (core dumped)

However, on my cygwin installation, it does not core dump.
bash$ gcc -g buf.c -o buf
bash$ buf
bash$

On Solaris, it does.

How do I get the core dump equivalent on cygwin installation? 

Thanks.

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/



Re: buffer overflow on cygwin vs solaris.

2005-11-16 Thread Brian Dessent
Song Ken Vern-E11804 wrote:

> for (i=0; i<=4028; i++)
> buffer[i]='A';

Wow.  That's some horrible code.  Hasn't this person heard of memset()?

> On Solaris, it does.
>
> How do I get the core dump equivalent on cygwin installation?

That's because you're trying to exploit a bug in Solaris.  Cygwin is not
Solaris.  It does not have this vulnerability.  This is a good thing. 
Ideally Cygwin (and any other library for that matter) would have zero
exploitable buffer overflows.  And even if it did, you most certainly
can't expect to use shellcode intended for Solaris under Cygwin.  They
aren't even remotely similar under the hood, so don't expect a single
thing on that page to work.  You'll need to use win32 shellcode
techniques.

If you want to play around with buffer overflows, I suggest that you
create your own buffer and overflow it.  And find a better guide.  There
are plenty of win32-oriented guides to overflowing buffers and executing
your code.

Brian
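Brian's advice is to build your own buffer and keep control of it. As an added example (not from the thread or from the tutorial it cites), here is the tutorial's program reworked from the defender's side: the fill done with memset() as Brian suggests, an explicit check for the missing terminator, and the message passed to syslog() as a "%s" argument instead of as the format string. LINE_MAX_BYTES and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LINE_MAX_BYTES 256  /* assumed cap for one log line; hypothetical, not from the thread */

/* 1 if buf holds a NUL within size bytes, else 0: the check the tutorial's
   program never makes before handing buffer to syslog(). */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* What the tutorial's loop does, written with memset() and kept inside the
   array: every byte becomes 'A' and nothing terminates the string. */
int fill_like_tutorial(char *buf, size_t size) {
    memset(buf, 'A', size);
    return is_terminated(buf, size);   /* 0: no terminator */
}

/* The same fill with the last byte reserved for the terminator. */
int fill_terminated(char *buf, size_t size) {
    if (size == 0) return 0;
    memset(buf, 'A', size - 1);
    buf[size - 1] = '\0';
    return is_terminated(buf, size);   /* 1 */
}

/* Copies msg into a fixed-size line. The message goes in as the "%s"
   argument, never as the format string, so '%' sequences in it stay inert,
   and the copy is truncated to out_size - 1 bytes. Returns the bytes stored,
   or -1 if msg has no terminator within msg_size. */
int build_log_line(char *out, size_t out_size, const char *msg, size_t msg_size) {
    if (out_size == 0 || !is_terminated(msg, msg_size)) return -1;
    int n = snprintf(out, out_size, "%s", msg);
    return n < (int)out_size ? n : (int)out_size - 1;
}

/* Hardened equivalent of the tutorial's syslog(LOG_ERR, buffer). */
int log_safely(const char *msg, size_t msg_size) {
    char line[LINE_MAX_BYTES];
    int n = build_log_line(line, sizeof line, msg, msg_size);
    if (n < 0) return -1;              /* refuse an unterminated buffer */
    syslog(LOG_ERR, "%s", line);
    return n;
}
```

Run against a 4028-byte buffer filled by fill_like_tutorial(), log_safely() returns -1 and logs nothing; after fill_terminated() it logs a line cut to 255 bytes.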
