1n4r1.github.io

© 2021. All rights reserved.

Memo / disable memory protection for gcc

05 Feb 2020

Explanation

Memo to enable / disable the memory protection when compiling with gcc.

Environment

Solution

1. Default

C lang Source code

root@kali:~# cat helloworld.c 
#include <stdio.h>

int main() {
   printf("Hello World!");
   return 0;
}

Compile with no option

root@kali:~# gcc helloworld.c -o hello_world

root@kali:~# checksec --file hello_world
[*] Checking for new versions of pwntools
    To disable this functionality, set the contents of /root/.pwntools-cache-3.7/update to 'never'.
[*] A newer version of pwntools is available on pypi (4.0.0 --> 4.0.1).
    Update with: $ pip install -U pwntools
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      PIE enabled

Compile with stack protection

root@kali:~# gcc helloworld.c -o hello_world -fstack-protector-all

root@kali:~# checksec --file hello_world 
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled

Confirm ASLR working

root@vagrant:/home/vagrant# echo 1 > /proc/sys/kernel/randomize_va_space

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffdf7710000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2cd0092000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f2cd068f000)

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffc56f8d000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c23924000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c23f21000)

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffca45ef000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f702a599000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f702ab96000)

2. Disable memory protections

Disable ASLR

root@vagrant:/home/vagrant# echo 0 > /proc/sys/kernel/randomize_va_space

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffff7ffa000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff77d8000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffff7dd5000)

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffff7ffa000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff77d8000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffff7dd5000)

root@vagrant:/home/vagrant# ldd /usr/bin/test
	linux-vdso.so.1 (0x00007ffff7ffa000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff77d8000)
	/lib64/ld-linux-x86-64.so.2 (0x00007ffff7dd5000)

Disable canary

root@kali:~# gcc helloworld.c -o hello_world -fno-stack-protector

root@kali:~# checksec --file hello_world 
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      PIE enabled

Disable DEP

oot@kali:~# gcc helloworld.c -o hello_world -z execstack

root@kali:~# checksec --file hello_world 
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      PIE enabled
    RWX:      Has RWX segments

Disable PIE

root@kali:~# gcc helloworld.c -o hello_world -no-pie

root@kali:~# checksec --file hello_world 
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
root@kali:~#

Disable ALL

root@kali:~# gcc helloworld.c -o hello_world -fno-stack-protector -no-pie -z execstack

root@kali:~# checksec --file hello_world 
[*] '/root/hello_world'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      No PIE (0x400000)
    RWX:      Has RWX segments

Related Posts