4.x) Linux kernels is likely to have observed this phenomenon. For the time being we will exclude the possibility that any memory protection mechanism such as Address Space Layout Randomization (ASLR) or a non-executable stack (NX or W^X) is in place, and explain what is happening within the Linux kernel to cause this "jumpy stack" syndrome.
Process Initialization
Chapter 7 discussed the basic layout of the bottom of a program's stack. A more detailed view of a program's stack layout can be seen in Figure 18-4.
Linux programs are launched using the execve() system call. The function prototype
for C programmers looks like this:
int execve(const char *filename, char *const argv[], char *const envp[]);
Figure 18-4: Detailed view of a program's stack layout
Chapter 18: From Vulnerability to Exploit (Part IV), page 469
Here, filename is the name of the executable file to run, and the pointer arrays argv and envp contain the command-line arguments and environment variable strings, respectively, for the new program. The execve() function is responsible for determining the format of the named file and for taking the appropriate actions to load and execute that file; as part of setting up the new address space it copies the argv and envp strings onto the top of the new process's stack, so the size of those strings determines where everything below them, including every later stack frame, ends up. In the case of shell scripts that have been marked as executable (files beginning with a #! line), execve() must instantiate the interpreter named on that line, typically a new shell, which in turn is used to execute the named script.
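The following program is an added example, not code from the book: it calls execve() directly with a hand-built argv and envp, then re-executes itself with two environments of different sizes so that the child can report where a stack local landed. The helper names (exec_string_bytes, make_pad_var, run_with_env, the JUMPY_CHILD and PAD variables) are this example's own, and the re-exec path /proc/self/exe assumes Linux. With ASLR disabled, as the text assumes, the larger environment pushes the child's buffer to a visibly lower address; with ASLR on, the random stack base hides the shift.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Bytes the kernel copies to the top of the new process's stack for the
 * argv and envp string tables (each string plus its NUL terminator).
 * Pointer arrays, the auxiliary vector and alignment padding sit on top
 * of this, but the string bytes are what differ most between a shell,
 * a debugger and an exploit wrapper, and they shift every frame below. */
size_t exec_string_bytes(char *const argv[], char *const envp[])
{
    size_t total = 0;
    for (size_t i = 0; argv && argv[i]; i++)
        total += strlen(argv[i]) + 1;
    for (size_t i = 0; envp && envp[i]; i++)
        total += strlen(envp[i]) + 1;
    return total;
}

/* Hypothetical helper for this example: build "PAD=AAAA..." with n bytes
 * of filler so the caller can grow the environment by a known amount.
 * The caller frees the result. */
char *make_pad_var(size_t n)
{
    char *s = malloc(4 + n + 1);
    if (!s)
        return NULL;
    memcpy(s, "PAD=", 4);
    memset(s + 4, 'A', n);
    s[4 + n] = '\0';
    return s;
}

/* fork() + execve(): run filename with exactly the argv/envp supplied
 * (nothing inherited from our own environment) and return the child's
 * exit status; -1 if fork or wait failed, 127 if execve() itself failed. */
int run_with_env(const char *filename, char *const argv[], char *const envp[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(filename, argv, envp);
        _exit(127);               /* only reached when execve() fails */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    (void)argc;
    /* Child mode: report where a stack local landed, then exit. */
    if (getenv("JUMPY_CHILD")) {
        char buf[64];
        printf("env pad %-5s bytes: buf is at %p\n",
               getenv("JUMPY_CHILD"), (void *)buf);
        return 0;
    }
    /* Parent: re-exec ourselves with two environments of different size. */
    size_t sizes[] = { 16, 4096 };
    for (size_t i = 0; i < 2; i++) {
        char *pad = make_pad_var(sizes[i]);
        char tag[32];
        snprintf(tag, sizeof tag, "JUMPY_CHILD=%zu", sizes[i]);
        char *const envp[] = { tag, pad, NULL };
        char *const cargv[] = { argv[0], NULL };
        printf("exec strings total %zu bytes -> ",
               exec_string_bytes(cargv, envp));
        fflush(stdout);
        run_with_env("/proc/self/exe", cargv, envp);
        free(pad);
    }
    return 0;
}
```

Run it as `setarch $(uname -m) -R ./a.out` (or with /proc/sys/kernel/randomize_va_space set to 0) to see the two addresses differ by roughly the extra environment bytes; this is the same effect that makes a buffer's address differ between gdb, which adds LINES and COLUMNS to the environment, and the plain shell.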