Vulnerability Development mailing list archives
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Gerardo Richarte <gera () corest com>
Date: Wed, 07 Jan 2004 18:52:13 -0300
Alex Schütz wrote:
> Thinking this further, we are going to force the exploit developer to bring along his own binary code of /bin/bash. This may not be possible in every case, since the buffer overflow cannot hold so much data.
Embedding more than an 'execve("/bin/sh")' as egg is not an oh-so-crazy idea. Take a look at, for example:

- Syscall Proxying
  http://www1.corest.com/common/showdoc.php?idx=259&idxseccion=11
- grugq's excellent Userland Exec
  http://www.securityfocus.com/archive/1/348638/2003-12-28/2004-01-03/0
- InlineEgg
  http://oss.corest.com/projects/inlineegg.html
  http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html
- ShellForge
  www.secdev.org/shellforge.html
- MOSDEF
  http://www.immunitysec.com/MOSDEF/

And quite a few other similar things and projects I know some other people are working on.

So, as usual with too simple security protections, it's good to do it, unless you are going to believe that you are ANY safer by doing it.

So, in short... why do it if after doing so you can't feel safer?

gera