Isn't a segmentation fault the same as smashing the stack?

Submitted by 孤者浪人 on 2021-02-08 08:42:34

Question


As a consequence of a programming error we get segmentation faults. But as a necessary tool we try the same thing, but the kernel detects it as smashing the stack. How exactly does the kernel see the difference?


Answer 1:


Briefly, no. Segmentation faults are when the kernel is able to detect an invalid memory access and then kills the process. Some invalid memory accesses cannot be detected by the kernel, and stack overflows are built on these. However, stack overflows can be detected by the compiler and are in recent versions of gcc (4.1+), which have built-in protection against stack smashing attacks. Basically, a "canary" value is placed on the stack between stack frames. There are checks to make sure the canary still has the correct value; if it doesn't (because it was overwritten and the overwriter couldn't guess the correct value) then the stack smashing protection routines execute. For more information, see: http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29 and http://wiki.osdev.org/GCC_Stack_Smashing_Protector

You can disable the gcc protection with "-fno-stack-protector"; for more on this see: Stack smashing code not working on Linux kernel 2.6.38.7... Please help

Conversely, a segmentation fault is just an invalid memory access that happens anywhere in the program, meaning the kernel detects access to memory that is not in the program's allowed memory region. AFAIK this is checked using a combination of x86 segments and virtual memory. There's no real way for the kernel/OS to know whether an access was in the original program code or the code was exploited somehow; either way, the program is attempting to access memory it cannot and so it is forcibly terminated.
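As an added illustration (not code from either answer), the C program below simulates the canary check that answer 1 describes. The "frame" is an ordinary byte array with a hypothetical layout (locals, then canary, then a stand-in for the saved return address), so nothing real is corrupted; the epilogue comparison shows why an overrun that runs past the locals is caught before the return address is ever used, and why the canary has to be unpredictable.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical frame layout for illustration only, not what any particular
 * compiler emits: 16 bytes of locals, then the canary, then the saved
 * return address. Locals sit at the lowest address, so an overrun moving
 * upward hits the canary before it can reach the return address. */
#define LOCAL_SIZE   16
#define CANARY_SIZE  sizeof(uint64_t)
#define RETADDR_SIZE sizeof(uint64_t)
#define FRAME_SIZE   (LOCAL_SIZE + CANARY_SIZE + RETADDR_SIZE)

enum frame_result { FRAME_OK = 0, FRAME_CANARY_SMASHED = 1 };

/* Models a function that copies `len` bytes of untrusted input into a
 * 16-byte local without checking the length (the classic bug), then runs
 * the epilogue check gcc inserts with -fstack-protector. */
int simulate_frame(const uint8_t *input, size_t len, uint64_t canary)
{
    uint8_t frame[FRAME_SIZE];
    uint64_t saved_ret = 0x4242424242424242ULL; /* constructed stand-in value */

    memcpy(frame + LOCAL_SIZE, &canary, CANARY_SIZE);
    memcpy(frame + LOCAL_SIZE + CANARY_SIZE, &saved_ret, RETADDR_SIZE);

    /* The bug: the copy ignores LOCAL_SIZE. The clamp only keeps the
     * simulation itself inside `frame`; it is not part of the modelled code. */
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(frame, input, len);

    /* Epilogue: compare the in-frame canary with the reference copy the
     * compiler keeps outside the frame (in TLS on glibc/x86-64). A real
     * program calls __stack_chk_fail here and aborts instead of returning. */
    uint64_t seen;
    memcpy(&seen, frame + LOCAL_SIZE, CANARY_SIZE);
    if (seen != canary)
        return FRAME_CANARY_SMASHED;
    return FRAME_OK;
}
```

An overrun that happens to rewrite the canary with its original value passes the check, which is why the reference value is chosen randomly at process start rather than being a fixed constant.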




Answer 2:


Isn't a segmentation fault the same as smashing the stack?

No, a segmentation fault is when the operating system detects an invalid memory access and terminates your process. Smashing the stack refers to the act of overwriting (return) addresses on the stack, typically by overflowing a locally declared array.

When you're smashing the stack (as an attacker), your goal is to get the process to execute code of your choice. You want to avoid segmentation faults because they would kill the process you're trying to take over.

As a consequence of a programming error we get segmentation faults.

Well, some errors cause segmentation faults, yes. Other errors do nothing or just cause wrong results (such as when an attacker successfully exploits a buffer overflow and makes the program run completely different code).

But as a necessary tool we try the same thing, but the kernel detects it as smashing the stack.

I have no idea what you just said but the kernel does not detect "smashing the stack".

How exactly does the kernel see the difference?

Difference between what?



Source: https://stackoverflow.com/questions/13893890/isnt-segmentation-fault-the-same-as-the-smashing-the-stack
