oss-sec mailing list archives
Re: Offset2lib: bypassing full ASLR on 64bit Linux
From: Andy Lutomirski <luto () amacapital net>
Date: Fri, 05 Dec 2014 17:18:35 -0800
On 12/05/2014 04:44 PM, Hanno Böck wrote:
On Fri, 05 Dec 2014 17:43:44 -0500 Daniel Kahn Gillmor <dkg-QLrU/DhXBlmnlhUoGqYIEF6hYfS7NtTn () public gmane org> wrote:i couldn't find a reference to this in the nautilus bugtracker, so i just posted: https://bugzilla.gnome.org/show_bug.cgi?id=741183I tried to dig into this a bit. I'm not really sure, but based on the output I assume nautilus is relying on file or libmagic to assess the file type. And that's what fails: $ file --mime-type pie pie: application/x-sharedlib It seems there is no really easy way to separate executables from shared libraries and whether this should be considered a bug in file/libmagic. The only thing I quickly found that would be possible is searching if a SONAME is present. libmagic uses some "magic" file format to parse files, I don't know if that's capable of such complex parsing.
Why does gcc and/or ld write a non-zero entry point? If they didn't, that would be an easy way to check. --Andy
(oh, btw, this is one more reason to wipe out potential security bugs in file...)
Current thread:
- Re: Offset2lib: bypassing full ASLR on 64bit Linux, (continued)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Paul Pluzhnikov (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Kahn Gillmor (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Andy Lutomirski (Dec 05)
- Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Seth Arnold (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 06)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Pavel Labushev (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Message not available
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Florent Daigniere (Dec 06)