Return-to-libc attack

A “return-to-libc” attack is an attack that is usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process’s executable memory, bypassing the NX bit feature (if present) and ridding the attacker of the need to inject their own code.

On POSIX-compliant operating system the C standard library is commonly used to provide a standard runtime environment for programs writing in the C programming language. Although the attacker could make the code return anywhere, libc is the most likely target, as it is almost always linked to the program, and it provides useful calls for an attacker (such as the system function used to execute shell commands)


Leave a Reply