buffer-overflow

How to turn off gcc compiler optimization to enable buffer overflow

三世轮回 posted on 2019-11-26 07:53:44
Question: I'm working on a homework problem that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on ubuntu linux, but can't figure out which flags are the right ones. I realize it's architecture dependent - my machine runs w/ 32-bit Intel processor. Thanks.
Answer 1: That's a good problem. In order to solve that problem you will also have to disable ASLR, otherwise the address of g() will be unpredictable. Disable ASLR: sudo bash -c 'echo 0 > /proc/sys/kernel

Why is the gets function so dangerous that it should not be used?

房东的猫 posted on 2019-11-26 03:45:49
Question: When I try to compile C code that uses the gets() function with GCC, I get this warning: (.text+0x34): warning: the `gets' function is dangerous and should not be used. I remember this has something to do with stack protection and security, but I'm not sure exactly why. How can I remove this warning and why is there such a warning about using gets()? If gets() is so dangerous then why can't we remove it?
Answer 1: In order to use gets safely, you have to know exactly how many characters you

Why should you use strncpy instead of strcpy?

别等时光非礼了梦想. posted on 2019-11-26 00:08:22
Question: Edit: I've added the source for the example. I came across this example:
char source[MAX] = "123456789";
char source1[MAX] = "123456789";
char destination[MAX] = "abcdefg";
char destination1[MAX] = "abcdefg";
char *return_string;
int index = 5;
/* This is how strcpy works */
printf("destination is originally = '%s'\n", destination);
return_string = strcpy(destination, source);
printf("after strcpy, dest becomes '%s'\n\n", destination);
/* This is how strncpy works */

Why is the gets function so dangerous that it should not be used?

旧巷老猫 posted on 2019-11-25 23:55:17
Question: When I try to compile C code that uses the gets() function with GCC, I get this warning: (.text+0x34): warning: the `gets' function is dangerous and should not be used. I remember this has something to do with stack protection and security, but I'm not sure exactly why. How can I remove this warning and why is there such a warning about using gets()? If gets() is so dangerous then why can't we remove it?
Answer 1: In order to use gets safely, you have to know exactly how many characters you