Image:Aslr stack smash.png

[edit] Summary

Illustration of the target of a stack based buffer overflow. The orange triangle indicates the target address for the injected shellcode or ret2libc attack.

In the case of shellcode, a NOP buffer will defeat minor randomization; however, a non-executable stack prevents the use of shellcode. This gives the attack an X/R probability of success, where X is the width of injected NOPs divided by the width of a randomization period and R is the number of possible positions the stack could end at.

The ret2libc case is possible with a non-executable stack; however, moving the stack by even a single byte will mis-align the injected stack frames, causing the attack to fail. The injected stack frames can be repeated, which gives the attack a Y/R probability of success, where Y is the number of times the stack frames are repeated on relative alignment to the width of a randomization period and R is the number of possible positions the stack could end at.

	This image should be recreated using vector graphics as an SVG file. This has several advantages; see Commons:Media for cleanup for more information. If an SVG form of this image is already available, please upload it. After uploading an SVG, replace this template with template {{Vector version available|new image name.svg}} in this image.
العربية | Български | Català | Česky | Dansk | Deutsch | English | Esperanto | Español | Français | 한국어 | Italiano | Magyar | Lietuvių | Nederlands | 日本語 | Polski | Português | Română | Русский | Suomi | Svenska | Türkçe | Українська | Tiếng Việt | मराठी | ‪中文(繁體)‬ | ‪中文(简体)‬ | +/-

[edit] Licensing

I, the copyright holder of this work, hereby publish it under the following license: This file is licensed under the Creative Commons Attribution ShareAlike 2.5 License. In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license identical to this one. Official license

• PaX