Can you turn off buffer overflow protections?

I am a non-programmer taking a software security course. The current project is dealing with buffer overflows. I've written the sample project in Xcode and it runs fine but shows a SIGABRT error. I'm guessing this is a result of protections that are in place to prevent buffer overflows. Is that correct? If so, how can I turn off those protections to allow my program to run? If not, what is the error? The code I'm using is...

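#include <stdio.h>
#include <string.h>   /* strncmp is declared in <string.h>, not <strings.h> */

int main(int argc, char *argv[])
{
    int access = 0;
    char password[8];
    char adminpass[8] = "pass123!";   /* exactly 8 chars, so no terminating NUL is stored */

    printf("Please enter a password: ");
    /* Unbounded read: the intentional overflow this exercise studies.
       Any input of 8 or more characters writes past the end of password. */
    scanf("%s", password);

    if (strncmp(password, adminpass, 8) == 0)
        access = 1;
    if (access > 0)
        printf("Access Granted!\n");
}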

Thanks in advance for any help anyone can offer!

I've written the sample project in Xcode and it runs fine but shows a SIGABRT error.

If it shows a SIGABRT error, it is not fine. You know your code causes a buffer overflow, which may cause all sorts of unpredictable things.

What do you think is the problem with testing a buffer overflow and getting SIGABRT?
And please clarify how you have tested.
I don’t have time to play around with this in detail but I suspect you want one of the following:

% clang --help | grep stack
-fno-stack-check Disable stack checking
-fno-stack-protector Disable the use of stack protectors
-fstack-check Enable stack checking
-fstack-protector-all Enable stack protectors for all functions
-fstack-protector-strong
Enable stack protectors for some functions …
-fstack-protector Enable stack protectors for some functions …


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
What the project is having us do is to understand the risks of buffer overflows. What I'm trying to do is to intentionally put in a password that causes the 8 char capacity of the password buffer to be exceeded and see exactly what gets corrupted.

My understanding is that any password of 9 or more characters is going to overflow to "access," the variable defined immediately before it. And, since access is granted for any value of access other than zero, any buffer overflow will incorrectly allow access.

But, I also believe that any password of 13 or more characters is going to overflow the frame pointer and result in the program crashing.

For the purposes of this project, I'd like to be able to turn off the buffer overflow protections to allow me to prove what would happen under scenarios with various passwords entered.

any password of 9 or more characters

any password of 13 or more characters

Seems you want to ignore the fact that there was no description of what you had input on SIGABRT.

And you expect some specific memory allocation on auto variables.

Anyway, please clarify the difference between what you expect and what you actually get, for each possible input.

Some of them may be caused by buffer overflow protections, and some others by your wrong expectations.
Did you check the address in memory of all the vars?
Are they positioned in sequence as you guess?
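One way to run the address check suggested in the replies, as an added example that is not code from any poster in this thread: it declares the same three locals in the same order as the program in the question and reports where `access` and `adminpass` sit relative to `password`. The helper names `forward_distance` and `measure_frame` are hypothetical. C does not guarantee the order of locals in a frame, so build it once normally and once with `-fno-stack-protector` from the clang help output above and compare the results.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: byte offset from the start of `buf` up to `target`,
 * or -1 when `target` is at a lower address, where a write that runs
 * forward off the end of `buf` never lands. */
long forward_distance(uintptr_t buf, uintptr_t target)
{
    return target > buf ? (long)(target - buf) : -1;
}

/* Same three locals, same declaration order as the program in the question.
 * out[0] = offset of access, out[1] = offset of adminpass, both measured
 * from password. The values depend on compiler, flags and architecture. */
void measure_frame(long out[2])
{
    int access = 0;
    char password[8];
    char adminpass[8] = "pass123!";

    out[0] = forward_distance((uintptr_t)password, (uintptr_t)&access);
    out[1] = forward_distance((uintptr_t)password, (uintptr_t)adminpass);
}

int main(void)
{
    long off[2];
    const char *name[2] = { "access", "adminpass" };

    measure_frame(off);
    for (int i = 0; i < 2; i++) {
        if (off[i] < 0)
            printf("%-9s is below password: overrunning password never reaches it\n", name[i]);
        else
            printf("%-9s starts %ld bytes after password[0]\n", name[i], off[i]);
    }
    return 0;
}
```

An offset of 8 for `access` would match the layout assumed in the question; a negative result means the compiler placed it below the array, so the assumption does not hold for that build.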