How to set a non-executable stack and ASLR
2011-11-28 11:08
239 views
Recently I did some research into how to enable stack execution protection and ASLR (Address Space Layout Randomization) on Windows and Linux. It took a lot of digging to find the material, so here is a summary:

| OS | Execution space protection | ASLR (Address Space Layout Randomization) | Description | Check tool |
| --- | --- | --- | --- | --- |
| Windows | Compiler option: `/NXCOMPAT` (enabled by default). System option: 1. Open the Control Panel 2. Select System & Maintenance 3. Click System 4. Click Advanced System Settings 5. Click the Advanced tab 6. Click Performance Settings 7. Click the Data Execution Prevention tab | Compiler option: `/DYNAMICBASE` (enabled by default). System option: ASLR is enabled by default; I did not find a way to disable it. But it only works properly when DEP/NX is enabled. | Microsoft's Windows Vista (released January 2007), Windows Server 2008, Windows 7, and Windows Server 2008 R2 have ASLR enabled by default, although only for those executables and dynamic link libraries specifically linked to be ASLR-enabled.[7] This did not include Internet Explorer 7 on Windows Vista prior to Service Pack 1; ASLR and DEP are both disabled for application compatibility purposes. | Process Explorer, WinDbg, OllyDbg |
| Linux | Compiler (link) option: `-Wl,-z,noexecstack` or `-Wa,--noexecstack`. System option: `/proc/sys/kernel/exec-shield` | Compiler option: `-fPIC -pie`. System option: `/proc/sys/kernel/randomize_va_space`, or `sysctl -w kernel.randomize_va_space=NEWVALUE` | Linux has enabled a weak[6] form of ASLR by default since kernel version 2.6.12 (released June 2005). | 1) http://www.trapkit.de/tools/checksec.html 2) `find /lib -exec execstack -q {} \; -print 2> /dev/null \| grep ^X` to check whether the stack is executable 3) `execstack -q ~/lib/libfoo.so.1 ~/bin/bar` queries the executable-stack marking of the given files 4) `readelf -h -d /usr/sbin/smbd \| grep 'Type:.*DYN'`; if the file was compiled as PIE, the command returns something like `Type: DYN (Shared object file)` |

Stack-smashing detection (stack canary) settings:

| OS | Compiler flag |
| --- | --- |
| Windows | `/GS` |
| Linux | `-fstack-protector-all`, `-fstack-protector` |

The possible values of randomize_va_space are:

| Value | Description |
| --- | --- |
| 0 | ASLR is disabled |
| 1 | All supported forms of ASLR are enabled, except heap randomization |
| 2 | All supported forms of ASLR are enabled |

The values of exec-shield are:

| Value | Description |
| --- | --- |
| 0 | Exec-shield (including randomized VM mapping) is disabled for all binaries, marked or not |
| 1 | Exec-shield is enabled for all marked binaries (default) |
| 2 | Exec-shield is enabled for all binaries, regardless of marking (to be used for testing purposes ONLY) |

On Linux there is also the execstack command, which sets the executable-stack flag of a library or executable. Its options are:

| Option | Description |
| --- | --- |
| `-c, --clear-execstack` | Clear executable stack flag bit |
| `-q, --query` | Query executable stack flag bit |
| `-s, --set-execstack` | Set executable stack flag bit |

I hope this helps with protecting against buffer overflows on Windows and Linux.
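The Linux checks in the table (the execstack query, the `readelf` PIE test, and the randomize_va_space value) can be combined into one script. The following is an added example, not code from the original post; the function names are mine, the `readelf` output lines in the comments and the test inputs are constructed samples, and it assumes `readelf` from GNU binutils is installed. It reads the PT_GNU_STACK flags instead of relying on the execstack tool, which is not present on every distribution.

```shell
#!/bin/sh
# Added example: report NX stack, PIE and stack-canary status of an ELF binary,
# plus the system ASLR setting, using readelf output and /proc.

# Classify the PT_GNU_STACK program header from `readelf -lW` output on stdin.
# Constructed sample line (x86_64, wide output):
#   GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
# The flags field (second to last) contains E for an executable stack.
# A binary with no PT_GNU_STACK header at all is treated by the x86 kernel
# as having an executable stack, so that case is reported as "missing".
gnu_stack_status() {
  awk '
    $1 == "GNU_STACK" { found = 1; if ($(NF-1) ~ /E/) print "executable"; else print "non-executable" }
    END { if (!found) print "missing" }'
}

# Classify the ELF type from `readelf -hW` output on stdin.
# Type: DYN means position-independent (PIE) for an executable; note that a
# shared library also reports DYN, so only apply this to executables.
pie_status() {
  awk '
    $1 == "Type:" { found = 1; s = ($2 == "DYN") ? "pie" : "non-pie"; print s; exit }
    END { if (!found) print "unknown" }'
}

# Look for the __stack_chk_fail symbol in `readelf -sW` output on stdin.
# Its presence shows the binary was built with -fstack-protector; its absence
# is weaker evidence, since a binary with no canary-protected function has no
# reference to it either.
canary_status() {
  awk '/__stack_chk_fail/ { found = 1 } END { print (found ? "present" : "absent") }'
}

# Map a randomize_va_space value to the meaning given in the table above.
aslr_describe() {
  case "$1" in
    0) echo "ASLR disabled" ;;
    1) echo "all supported forms of ASLR enabled, except heap randomization" ;;
    2) echo "all supported forms of ASLR enabled" ;;
    *) echo "unknown value" ;;
  esac
}

# Run the three readelf checks against one file. Always returns 0 so that
# a missing readelf or unreadable file does not abort a loop over many files.
check_binary() {
  bin="$1"
  if ! command -v readelf >/dev/null 2>&1; then
    echo "$bin: readelf not found (install binutils)"
    return 0
  fi
  if [ ! -r "$bin" ]; then
    echo "$bin: not readable"
    return 0
  fi
  printf '%s: stack=%s type=%s canary=%s\n' "$bin" \
    "$(readelf -lW "$bin" 2>/dev/null | gnu_stack_status)" \
    "$(readelf -hW "$bin" 2>/dev/null | pie_status)" \
    "$(readelf -sW "$bin" 2>/dev/null | canary_status)"
}

# Report the current system-wide ASLR setting.
aslr_status() {
  f=/proc/sys/kernel/randomize_va_space
  if [ -r "$f" ]; then
    v=$(cat "$f")
    echo "randomize_va_space=$v: $(aslr_describe "$v")"
  else
    echo "randomize_va_space: unavailable on this system"
  fi
  return 0
}

main() {
  if [ $# -eq 0 ]; then
    set -- /bin/sh
  fi
  for f in "$@"; do
    check_binary "$f"
  done
  aslr_status
}

main "$@"
```

Run it as `sh check-hardening.sh /usr/sbin/smbd /bin/ls` to get one line per binary. A result of `stack=executable` or `stack=missing` is what the `execstack -q` output marked `X` or `?` in the table corresponds to, and is the case to follow up by relinking with `-Wl,-z,noexecstack`.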