1 #include <stdio.h> 2 #include <string.h> 3 #include <unistd.h> 4 #include <sys/mman.h> 5 6 int 7 main(void) 8 { 9 const size_t page_len = sysconf(_SC_PAGESIZE); 10 const size_t work_len = page_len * 2; 11 const size_t tail_len = work_len - 1; 12 13 void *p = mmap(NULL, page_len * 3, PROT_READ | PROT_WRITE, 14 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 15 if (p == MAP_FAILED || mprotect(p + work_len, page_len, PROT_NONE)) 16 return 77; 17 18 memset(p, 0, work_len); 19 char *addr = p + work_len - tail_len; 20 memset(addr, '0', tail_len - 1); 21 22 char *argv[] = { NULL }; 23 char *envp[] = { addr, NULL }; 24 execve("", argv, envp); 25 26 printf("execve(\"\", [], [\"%0*u\"]) = -1 ENOENT (No such file or directory)\n", 27 (int) tail_len - 1, 0); 28 puts("+++ exited with 0 +++"); 29 30 return 0; 31 } 32
