Stack smashing detected while applying stack & register on the remote identical process

Issue

Let us consider that I have an application that is to be executed on the 1st node. This application, however, cannot execute some function on this 1st node as the node lacks such capabilities. Hence, in order to make this application's execution flawless, I am planning to steal the process's stack, heap & its registers using ptrace & send them over to another, fully capable 2nd node. Here on this 2nd node, I would like to execute the same process (i.e. the same executable on the same architecture, like x86) until the exact same point the 1st process has executed, apply the previously stolen stack, heap & registers' values onto this process, execute it here, transfer the results back to the 1st node and start executing the application from there.

I have also disabled ASLR (address space layout randomization) so that there will be a one-to-one mapping with the process executed on the remote node.

On applying such logic, the program ends up with "Stack smashing detected".
Is there anything that I am missing here, or is the idea itself not so feasible?

NOTE: I am also skipping the part of copying the kernel stack, as the processes on both sides are executed exactly until the same instruction. Please also note that this was a very simple program that I tried, as I don't want the complexity of heaps to be involved.

#include <unistd.h>
#include <stdio.h>
#include <signal.h>

/* Breakpoint target: the stack and registers are captured on entry here
 * and applied to the identical process on node 2. */
void add_one(int *p){
    *p += 2;
}

int main(int argc, char **argv)
{
    int i = 0;
    add_one(&i);
    return 0;
}

The code above is the program that I experimented with. I disassembled it and found the address of the function add_one, which is the point at which I would steal the stack & process registers and send them over to apply onto the other identical process on node 2.

Any help on how to do such migrations and the things that I am missing would really help me in moving forward.

Solution

If you want to do this, you need to at least disable stack canaries, because those will 100% mismatch when carrying over the execution to another machine, even if you copied the entire address space.

-fno-stack-protector will do

Answered By – Abilesh Sundarasamy
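As an added illustration of the answer (not code from the question or the answerer): a small C model of the frame check that -fstack-protector emits around add_one(). The guard is read from its real location in thread-local storage on x86-64 Linux; the struct frame layout, the placeholder guard used on other targets and the "node 2" guard value are constructed for the model.

```c
#include <stdint.h>
#include <stdio.h>
/* Read the per-process stack guard gcc's prologue/epilogue compare against.
 * On x86-64 Linux it sits in thread-local storage at %fs:0x28; glibc derives
 * it at exec time from the kernel's AT_RANDOM bytes, which the ASLR switch
 * (ADDR_NO_RANDOMIZE) does not affect. Elsewhere a placeholder is used. */
static uintptr_t current_guard(void)
{
#if defined(__x86_64__) && defined(__linux__) && defined(__GNUC__)
    uintptr_t g;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(g));
    return g;
#else
    return (uintptr_t)0x5a5a5a00u;  /* constructed placeholder guard */
#endif
}

/* Model of the frame -fstack-protector lays out for add_one(): a copy of
 * the guard sits between the locals and the saved return address. */
struct frame {
    int       local_i;  /* stands in for `i` in the question's program */
    uintptr_t canary;   /* written by the prologue from the TLS guard */
};

/* 1 if the epilogue comparison passes, 0 if __stack_chk_fail would fire. */
static int epilogue_ok(const struct frame *f, uintptr_t guard)
{
    return f->canary == guard;
}

/* The migration from the question: the frame is stamped under node 1's
 * guard, its bytes are copied verbatim to node 2, and the epilogue there
 * compares the copied canary against node 2's own TLS guard. */
static int migrated_frame_passes(uintptr_t guard_node1, uintptr_t guard_node2)
{
    struct frame snapshot = { 0, guard_node1 };  /* prologue ran on node 1 */
    snapshot.local_i += 2;                       /* add_one() ran           */
    return epilogue_ok(&snapshot, guard_node2);  /* epilogue runs on node 2 */
}

int main(void)
{
    uintptr_t here  = current_guard();
    uintptr_t there = here ^ 0x1234u;  /* constructed: a different exec's guard */
    printf("same process: %s, other process: %s\n",
           migrated_frame_passes(here, here)  ? "ok" : "stack smashing detected",
           migrated_frame_passes(here, there) ? "ok" : "stack smashing detected");
    return 0;
}
```

The copied stack carries node 1's canary, but the epilogue on node 2 compares it with node 2's guard, which a stack-and-registers copy never transfers; hence the answer's -fno-stack-protector.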

This answer, collected from Stack Overflow, is licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
