[cfe-users] Disabling stack protection on OSX 10.11
Mark Wadham via cfe-users
cfe-users at lists.llvm.org
Tue Sep 29 09:08:36 PDT 2015
Hi,
Not sure if this is the right place to ask this question but I'll try
anyway.
I can't seem to disable the stack protection on OSX 10.11 using clang
7.0.0.
$ clang --version
Apple LLVM version 7.0.0 (clang-700.0.72)
Target: x86_64-apple-darwin15.0.0
Thread model: posix
Compiling with:
gcc -o a a.c -fno-stack-protector -D_FORTIFY_SOURCE=0 -fno-sanitize=memory
I've also used change_mach_o_flags.py to set the heap executable and am
also setting:
sysctl -w vm.allow_stack_exec = 1
If I then write a test program that handles a buffer in an unsafe way, I
can overflow it and get rip to jump to say, the address of an
environment variable, but as soon as that happens the system segfaults
as if it's being caught by stack protection.
Not sure if this output from vmmap from a running instance of the
compiled program is useful:
# vmmap 49625 |grep -i stack
STACK GUARD 00007fff58157000-00007fff5b957000 [ 56.0M] ---/rwx SM=NUL stack guard for thread 0
Stack       00007fff5b957000-00007fff5c157000 [ 8192K] rw-/rwx SM=PRV thread 0
STACK GUARD 56.0M 2
Stack       8192K 2
Is there some new kernel-based stack protection that can't be turned off
in 10.11?
Any help much appreciated.
Thanks,
Mark