I'm running 32-bit Ubuntu 11.04 on a 2007 MacBook, and I'm just starting to learn about buffer overflow exploits. I'm trying to run the example programs from a book, but
Are you sure you're passing -fno-stack-protector to the right gcc invocation? The given code doesn't appear to have a buffer overflow.
I'm a bit more informed on what's going on now. The given code constructs a buffer and then passes it to a program called notesearch that has a buffer overflow vulnerability. I didn't figure out how to disable the protective measures on the current version of Ubuntu, but the methods I tried do work on my Ubuntu 9.10 virtual machine. That is, -fno-stack-protector works as a gcc flag, and when paired with sysctl kernel.randomize_va_space=0, buffer overflows that execute shellcode on the stack are permitted. A bit of a workaround, but running my VM suits me well and allows me to continue through the examples in this book. It's a great book if you're interested in learning exploits. Here it is
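
An added example, not part of the thread or the book: a Python check that reports the state of the two settings the post names (the ASLR sysctl and gcc's stack protector) and, going slightly beyond the post, whether the binary requests an executable stack. The sample ELF builder, the symbol-name heuristic and the rule that a missing PT_GNU_STACK header means an executable stack are assumptions of this example.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that carries the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags
ASLR_MODES = {0: "disabled", 1: "stack/mmap/vdso randomized", 2: "full (heap too)"}

def aslr_mode(sysctl_text):
    """Interpret the contents of /proc/sys/kernel/randomize_va_space."""
    return ASLR_MODES.get(int(sysctl_text.strip()), "unknown")

def elf_mitigations(data):
    """Report stack-protector use and stack executability for an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24
    exec_stack = True  # assumption: no PT_GNU_STACK header = legacy executable stack
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, base + flags_off)
            exec_stack = bool(p_flags & PF_X)
    # gcc's stack protector references __stack_chk_fail (symbol-name heuristic)
    canary = b"__stack_chk_fail" in data
    return {"stack_protector": canary, "exec_stack": exec_stack}

def build_sample_elf32(stack_flags, with_canary):
    """Constructed sample: ELF32 LE header plus one PT_GNU_STACK program header."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr + (b"__stack_chk_fail\x00" if with_canary else b"")

if __name__ == "__main__":
    with open("/proc/sys/kernel/randomize_va_space") as f:
        print("ASLR:", aslr_mode(f.read()))
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, elf_mitigations(f.read()))
```

Run it with one or more binary paths as arguments to confirm whether a lab VM or a production host is actually in the state you expect.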