Vulnerability Development mailing list archives
Re: Where else?
From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Mon, 19 Nov 2001 13:07:05 +0100 (EET)
On Fri, 16 Nov 2001, Hung Vu wrote:
To execute arbitrary code on a system one can overwrite: - Return addresses on the stack - function pointers - Longjump buffers - GOT tables - Dtors - _atexit stuff - GLibc hooks
Local variables and parameters on the stack (beyond RET), specialy pointers may be sufficient to copy shellcode and pass execution to any other rwx segments. No wx segments means perfect security. It's time to fix the hardware. -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners
Current thread:
- Where else? Hung Vu (Nov 16)
- Re: Where else? Michel Arboi (Nov 18)
- Re: Where else? Justin Lundy (Nov 18)
- Re: Where else? dullien (Nov 18)
- Re: Where else? Pavel Kankovsky (Nov 18)
- Re: Where else? Mariusz Woloszyn (Nov 19)
- Re: Where else? Hung Vu (Nov 20)