Question
In Linux, there are many ways to bypass security mechanisms (like NX, ASLR) except the canary. Actually, I find the stack canary is generated by the Linux kernel in the boot_init_stack_canary() function in /arch/arm/include/asm/stackprotector.h. The random number is generated by the extract_entropy function at last, and it's related to environmental noise such as the keyboard and the time interval between interrupts.
Are there any ways to bypass the canary security mechanism when exploiting a stack-overflow vulnerability?
Answer 1:
In general, the technique for beating canaries is to use the correct value. Typically this can be done using either an information leak to obtain the correct value before overflowing the buffer on the stack, or, in some cases where the process starts again, it is possible to brute force the correct value.
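As an added illustration (not code from the question or the answer above), the following C program simulates what the compiler-inserted stack protector actually does: the prologue copies a per-process canary onto the stack between the local buffer and the saved return address, and the epilogue compares it before returning. Running a constructed linear overflow through the frame shows why any write that reaches the return address must first change the canary, and why the whole scheme rests on the value being secret and fresh per execution. The frame layout, the derive_canary mixing function and the seed are assumptions made for the simulation, not the kernel's or glibc's real code.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simulated frame, lowest address first: the buffer, then the canary,
   then the saved return address. This is the order -fstack-protector
   arranges so that a linear overflow from buf must cross the canary
   before it can reach the return address. (Constructed layout.) */
typedef struct {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
} frame_t;

/* Constructed stand-in for the real canary derivation: mix a seed
   (the real value comes from the kernel entropy pool) and clear the
   low byte, as glibc does on little-endian targets so that a canary
   cannot be read out by a string function that stops at NUL.
   This is NOT the kernel's algorithm, only a placeholder. */
uintptr_t derive_canary(uint64_t seed) {
    uint64_t z = seed + 0x9E3779B97F4A7C15ULL;   /* splitmix64 mixing step */
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    z ^= z >> 31;
    return (uintptr_t)(z & ~(uint64_t)0xFF);
}

/* What the prologue does: store the per-process canary on the stack
   and record where the function should return. */
void frame_init(frame_t *f, uintptr_t canary, uintptr_t ret) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = canary;
    f->saved_ret = ret;
}

/* Model an unbounded copy into buf (the bug class the question asks
   about). Writing through a byte pointer to the frame keeps this
   well-defined C; n is capped so the simulation stays inside the frame. */
void unchecked_copy(frame_t *f, const unsigned char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* The epilogue check: __stack_chk_fail would abort the process when
   this returns 0. Note it is a plain equality test, so the only
   defence is that the attacker does not know the value. */
int frame_intact(const frame_t *f, uintptr_t canary) {
    return f->canary == canary;
}

/* Fill a fresh frame with n bytes of 'A' and report whether the canary
   check would have caught it: returns 1 for detected, 0 for intact. */
int overflow_detected(size_t n) {
    uintptr_t canary = derive_canary(0x1234);   /* constructed seed */
    frame_t f;
    frame_init(&f, canary, 0x400000);           /* constructed return address */
    unsigned char payload[sizeof f];
    memset(payload, 'A', sizeof payload);
    unchecked_copy(&f, payload, n);
    return !frame_intact(&f, canary);
}
```

A copy of exactly 16 bytes fills the buffer and leaves the canary untouched, so the check passes; 17 bytes already clobber the canary's zero low byte and the check fails, long before the saved return address is reached. Against this simulation the two approaches in the answer map directly onto the equality test: an information leak removes the secrecy the test depends on, and a server that forks without re-executing hands every child the same value, which is what makes guessing it byte by byte feasible and why re-executing (rather than forking) after a crash is the mitigation.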
Source: https://stackoverflow.com/questions/36643072/how-to-bypass-stack-canary-when-exploit-a-stack-overflow-vulnerability-in-user-m