Reading Questions

Remember to submit your answer to this question before the next class.

Compile this program a.c with gcc:
        #include <stdlib.h>   /* declares system() */

        int main (){
          system ("ls -l");
          return 0;
        }
      
and try to find out the address of the function system (you may want to read the paper for the details of the technique). Write down the address you've found. Then repeat the process a second time, and again write down the address of the function system. Are the two addresses the same or not? What's the challenge when you perform a return-to-libc attack on your machine?

Now compile this program again with:

        gcc -static a.c
      
and then find out the address for system (Hint: don't use gdb, use objdump instead). Can you attack this program with return-to-libc? Why?