My first experience of stack smashing

root@indiaforce:~/examples# python fb_tweet2.py
Please enter a status:Hello mate..wussup?
python-gammu: WARNING: Truncating text Text to 650 chars!
*** stack smashing detected ***: python terminated
======= Backtrace: =========
/lib/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7e86bc8]
/lib/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7e86b80]
/usr/local/lib/python2.6/site-packages/gammu/_gammu.so(GSM_StringArray_New+0x0)[0xb7ae4954]
/usr/local/lib/python2.6/site-packages/gammu/_gammu.so[0xb793c9c9]
[0x65736c61]
======= Memory map: ========
08048000-08160000 r-xp 00000000 08:11 2231916    /usr/local/bin/python
08160000-0818b000 rw-p 00118000 08:11 2231916    /usr/local/bin/python
0818b000-08194000 rw-p 00000000 00:00 0
09a78000-09e3f000 rw-p 00000000 00:00 0          [heap]
b6dca000-b6de6000 r-xp 00000000 08:11 2231908    /usr/local/lib/libgcc_s.so.1
b6de6000-b6de7000 rw-p 0001b000 08:11 2231908    /usr/local/lib/libgcc_s.so.1
b6e01000-b6e11000 r-xp 00000000 08:11 2531388    /lib/i686/cmov/libresolv-2.7.so
b6e11000-b6e13000 rw-p 0000f000 08:11 2531388    /lib/i686/cmov/libresolv-2.7.so
b6e13000-b6e15000 rw-p 00000000 00:00 0
b6e15000-b6e1f000 r-xp 00000000 08:11 2531377    /lib/i686/cmov/libnss_files-2.7.so
b6e1f000-b6e21000 rw-p 00009000 08:11 2531377    /lib/i686/cmov/libnss_files-2.7.so
b6e34000-b6e3b000 r–s 00000000 08:11 1433852    /usr/lib/gconv/gconv-modules.cache
b6e3b000-b73e0000 rw-p 00000000 00:00 0
b73e0000-b751a000 r-xp 00000000 08:11 2328940    /usr/lib/i686/cmov/libcrypto.so.0.9.8
b751a000-b7530000 rw-p 0013a000 08:11 2328940    /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7530000-b7533000 rw-p 00000000 00:00 0
b7533000-b7575000 r-xp 00000000 08:11 2328934    /usr/lib/i686/cmov/libssl.so.0.9.8
b7575000-b7579000 rw-p 00042000 08:11 2328934    /usr/lib/i686/cmov/libssl.so.0.9.8
b757d000-b7581000 r-xp 00000000 08:11 2531375    /lib/i686/cmov/libnss_dns-2.7.so
b7581000-b7583000 rw-p 00003000 08:11 2531375    /lib/i686/cmov/libnss_dns-2.7.so
b7583000-b7585000 r-xp 00000000 08:11 2531475    /lib/libnss_mdns4_minimal.so.2
b7585000-b7586000 rw-p 00001000 08:11 2531475    /lib/libnss_mdns4_minimal.so.2
b7586000-b7587000 r-xp 00000000 08:11 2908214    /usr/local/lib/python2.6/lib-dynload/_bisect.so
b7587000-b7588000 rw-p 00001000 08:11 2908214    /usr/local/lib/python2.6/lib-dynload/_bisect.so
b7588000-b758e000 r-xp 00000000 08:11 2908198    /usr/local/lib/python2.6/lib-dynload/array.so
b758e000-b7590000 rw-p 00006000 08:11 2908198    /usr/local/lib/python2.6/lib-dynload/array.so
b7590000-b7592000 r-xp 00000000 08:11 2908237    /usr/local/lib/python2.6/lib-dynload/_hashlib.so
b7592000-b7593000 rw-p 00002000 08:11 2908237    /usr/local/lib/python2.6/lib-dynload/_hashlib.so
b7593000-b7599000 r-xp 00000000 08:11 2908178    /usr/local/lib/python2.6/lib-dynload/_ssl.so
b7599000-b759a000 rw-p 00006000 08:11 2908178    /usr/local/lib/python2.6/lib-dynload/_ssl.so
b759a000-b75a4000 r-xp 00000000 08:11 2908218    /usr/local/lib/python2.6/lib-dynload/_socket.so
b75a4000-b75a7000 rw-p 0000a000 08:11 2908218    /usr/local/lib/python2.6/lib-dynload/_socket.so
b75a7000-b75a9000 r-xp 00000000 08:11 2908240    /usr/local/lib/python2.6/lib-dynload/fcntl.so
b75a9000-b75aa000 rw-p 00002000 08:11 2908240    /usr/local/lib/python2.6/lib-dynload/fcntl.so
b75aa000-b75ad000 r-xp 00000000 08:11 2908217    /usr/local/lib/python2.6/lib-dynload/cStringIO.so
b75ad000-b75ae000 rw-p 00003000 08:11 2908217    /usr/local/lib/python2.6/lib-dynload/cStringIO.so
b75ae000-b75b0000 r-xp 00000000 08:11 2908213    /usr/local/lib/python2.6/lib-dynload/_random.so
b75b0000-b75b1000 rw-p 00002000 08:11 2908213    /usr/local/lib/python2.6/lib-dynload/_random.so
b75b1000-b75b5000 r-xp 00000000 08:11 2908197    /usr/local/lib/python2.6/lib-dynload/math.so
b75b5000-b75b7000 rw-p 00003000 08:11 2908197    /usr/local/lib/python2.6/lib-dynload/math.so
b75b7000-b75bf000 r-xp 00000000 08:11 4776258    /root/.python-eggs/simplejson-2.1.0-py2.6-linux-i686.egg-tmp/simplejson/_speedups.so
b75bf000-b75c0000 rw-p 00008000 08:11 4776258    /root/.python-eggs/simplejson-2.1.0-py2.6-linux-i686.egg-tmp/simplejson/_speedups.so
b75c0000-b75c4000 r-xp 00000000 08:11 2908204    /usr/local/lib/python2.6/lib-dynload/strop.so
b75c4000-b75c6000 rw-p 00003000 08:11 2908204    /usr/local/lib/python2.6/lib-dynload/strop.so
b75c6000-b75cb000 r-xp 00000000 08:11 2908207    /usr/local/lib/python2.6/lib-dynload/_collections.so
b75cb000-b75cc000 rw-p 00005000 08:11 2908207    /usr/local/lib/python2.6/lib-dynload/_collections.so
b75cc000-b75d0000 r-xp 00000000 08:11 2908232    /usr/local/lib/python2.6/lib-dynload/zlib.so
b75d0000-b75d2000 rw-p 00003000 08:11 2908232    /usr/local/lib/python2.6/lib-dynload/zlib.so
b75d2000-b75d8000 r-xp 00000000 08:11 2908190    /usr/local/lib/python2.6/lib-dynload/operator.so
b75d8000-b75da000 rw-p 00005000 08:11 2908190    /usr/local/lib/python2.6/lib-dynload/operator.so
b75da000-b75e8000 r-xp 00000000 08:11 2908183    /usr/local/lib/python2.6/lib-dynload/datetime.so
b75e8000-b75eb000 rw-p 0000e000 08:11 2908183    /usr/local/lib/python2.6/lib-dynload/datetime.so
b75eb000-b762c000 rw-p 00000000 00:00 0
b762c000-b7640000 r-xp 00000000 08:11 1419654    /usr/lib/libz.so.1.2.3.3
b7640000-b7641000 rw-p 00013000 08:11 1419654    /usr/lib/libz.so.1.2.3.3
b7641000-b7656000 r-xp 00000000 08:11 2531371    /lib/i686/cmov/libnsl-2.7.so
b7656000-b7658000 rw-p 00014000 08:11 2531371    /lib/i686/cmov/libnsl-2.7.so
b7658000-b765a000 rw-p 00000000 00:00 0
b765a000-b7663000 r-xp 00000000 08:11 2531364    /lib/i686/cmov/libcrypt-2.7.so
b7663000-b7665000 rw-p 00008000 08:11 2531364    /lib/i686/cmov/libcrypt-2.7.so
b7665000-b768c000 rw-p 00000000 00:00 0
b768c000-b7830000 r-xp 00000000 08:11 1419229    /usr/lib/libmysqlclient.so.15.0.0
b7830000-b7874000 rw-p 001a3000 08:11 1419229    /usr/lib/libmysqlclient.so.15.0.0
b7874000-b7875000 rw-p 00000000 00:00 0
b7875000-b7880000 r-xp 00000000 08:11 475379     /usr/lib/libdbi.so.0.0.5
b7880000-b7881000 rw-p 0000a000 08:11 475379     /usr/lib/libdbi.so.0.0.5
b7881000-b7b2a000 r-xp 00000000 08:11 2222778    /usr/local/lib/python2.6/site-packages/gammu/_gammu.so
b7b2a000-b7b78000 rw-p 002a9000 08:11 2222778    /usr/local/lib/python2.6/site-packages/gammu/_gammu.so
b7b78000-b7bd1000 rw-p 00000000 00:00 0
b7bd1000-b7d0b000 r–p 00000000 08:11 1451203    /usr/lib/locale/locale-archive
b7d0b000-b7d8e000 rw-p 00000000 00:00 0
b7d8e000-b7ee3000 r-xp 00000000 08:11 2531360    /lib/i686/cmov/libc-2.7.so
b7ee3000-b7ee4000 r–p 00155000 08:11 2531360    /lib/i686/cmov/libc-2.7.so
b7ee4000-b7ee6000 rw-p 00156000 08:11 2531360    /lib/i686/cmov/libc-2.7.soAborted
root@indiaforce:~/examples# gedit fb_tweet2.py

Today i got a first glimpse of stack smashing..improperly written code results in stack smashing…Read more of it here – http://en.wikipedia.org/wiki/Stack_smashing

And if you want to prevent stack smashing, get the hardened kernel here – http://code.google.com/p/indiaforcekernel/

Computer Security is hard..really hard..

Posted via email from [root@localhost /root]#