Bugtraq mailing list archives
Re: Smashing the stack on a DEC Alpha
From: proff () suburbia net (Julian Assange)
Date: Fri, 17 Jan 1997 18:51:35 +1100
If I recall, and I could be wrong here, the stack is marked as non-executable on that platform, and as a result, the system won't execute code placed there. Don't quote me on that though. dreamer
This is the case. The heap however is a different story. DEC's design policy left exec bits on for the heap and various library statics as a legacy for interactive dynamically compiled languages. As such it the architecture still suffers from buffer overruns, but requires a two pronged attack; PC adjustment via the stack to code on the heap. The are other not insurmountable difficulties with exploiting OSF code - this generally relates to the delayed binding of the dynamic library system. Cheers, Julian <proff () iq org>
Current thread:
- Re: BoS: serious security bug in wu-ftpd v2.4 Dave Kinchlea (Jan 05)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH Henrik P Johnson (Jan 12)
- Stronghold v1.3.3: Security Release Sean B. Hamor (Jan 13)
- [linux-security] SECURITY: Important bug fix for /sbin/login Erik Troan (Jan 16)
- Smashing the stack on a DEC Alpha Lamont Granquist (Jan 16)
- Re: Smashing the stack on a DEC Alpha Digital Dreamer (Jan 16)
- Re: Smashing the stack on a DEC Alpha Julian Assange (Jan 16)
- FreeBSD Security Advisory: SA-96:21 - talkd FreeBSD Security Officer (Jan 18)
- Re: FreeBSD Security Advisory: SA-96:21 - talkd Theo de Raadt (Jan 20)
- talkd problem Theo de Raadt (Jan 20)
- Re: talkd problem David Holland (Jan 20)
- Smashing the stack Zygo Blaxell (Jan 20)
- Re: Smashing the stack David Holland (Jan 20)
- Re: Smashing the stack Bill Sommerfeld (Jan 21)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- [linux-security] write(1) leak David Holland (Jan 19)
- [linux-security] write(1) leak David Holland (Jan 20)