Vulnerability Development mailing list archives

Re: looking for recursion stack overflow exploit


From: Liudvikas Bukys <bukys () cs rochester edu>, ilja () idefense be
Date: Mon, 25 Nov 2002 10:57:32 -0500


Thanks for the suggestions on possible uses of recursion stack overflow.

FYI, the reason I ask is because I discovered an unexpectedly easy way
to cause arbitrarily deep recursion in a piece of very commonly-deployed
software.  If ANYONE could point out to me any example of recursion stack
overflow leading to remote execution, I'd dig a lot harder.

At this point, nobody has identified a known exploit like this, but the
idea of overflows among thread stacks is getting close -- if thread
stack environments are really unsafe enough.

So: How safe are the threads implementations on common platforms?
It looks like Unix threaded web servers typically use POSIX threads.
(Of course, most Unix web servers are pre-forked non-threaded Apache 1.x.)
I assume the Windows threaded web servers use native threads,
perhaps through a POSIX glue library.

That's the next thing I'll be looking at.
If anybody knows already, information would be welcome.

If it turns out that recursion stack overflows in any or all of these
thread implementations spill over onto the execution environment of
other threads, then, well -- this may be easier to exploit than you think.

Keep those cards and letters coming.
Thanks.

Liudvikas Bukys
bukys () cs rochester edu

