Metasploit mailing list archives

linux 2.6 stack randomization


From: tim-pentest at sentinelchicken.org (Tim)
Date: Sat, 17 Dec 2005 12:08:05 -0500

Hello,

This is kinda off-topic, but if you know of any links to point me to,
I'd appreciate it.


although on Linux you tend to lose portability quickly for certain types
of regions, like text segments.  There have been papers outlining how to
take advantage of the new vsyscall mapping for exploitation, so that

I noticed Fedora Core 4, and possibly earlier versions, have a libc set
up where most/all addresses contain a NULL byte in them.  In this
situation, is there any easy way to get return-into-libc exploits to
work?  Doesn't seem possible, since things like sprintf() can't even be
called with arguments...

thanks,
tim

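Added example, not code from the thread or from tim: a small C emulation of what a strcpy()-driven overflow actually delivers when the saved return address is a libc address containing a zero byte, the Fedora Core 4 situation tim describes. It assumes the zero is the top byte (a library mapped below 0x01000000) for one case and an interior zero for another; the addresses, the 'A' filler, the fake return and argument words and the junk stack contents are all constructed. It shows why exactly one such address can land, as the very last word the copy writes, and why the fake return and argument words behind it never arrive, which is the "sprintf() can't even be called with arguments" problem.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: emulate what a strcpy()-driven overflow on a
 * little-endian 32-bit stack delivers when the libc address being
 * returned into contains a NUL byte.
 *
 * Intended payload:  [PAD filler][saved EIP = libc func][fake return][arg]
 *
 * strcpy() copies up to and including the first 0x00, so nothing after that
 * byte reaches the stack. The frame is pre-filled with STACK_JUNK so the
 * leftovers of a truncated copy stay visible in the result.
 */

#define PAD        16
#define WORDS      3
#define STACK_JUNK 0x41414141u   /* assumed pre-existing stack contents   */
#define FAKE_RET   0x4a0b3e4fu   /* assumed NUL-free return-after address */
#define ARG_WORD   0x4a0b5061u   /* assumed NUL-free first argument       */

static void put_le32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)v;         p[1] = (unsigned char)(v >> 8);
    p[2] = (unsigned char)(v >> 16); p[3] = (unsigned char)(v >> 24);
}

static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bounded stand-in for strcpy(): copy until the first NUL, then store the
 * NUL, exactly as strcpy() would (the bound only keeps the emulation safe). */
static size_t emulate_strcpy(unsigned char *dst, const unsigned char *src,
                             size_t len)
{
    size_t n = 0;
    while (n < len && src[n] != 0) {
        dst[n] = src[n];
        n++;
    }
    if (n < len)
        dst[n] = 0;
    return n;
}

/* Deliver [filler][func][fake_ret][arg] into a junk-filled frame. Returns
 * how many leading words arrive exactly as intended; if frame_out is not
 * NULL it receives the three resulting stack words. */
static int words_delivered(uint32_t func, uint32_t fake_ret, uint32_t arg,
                           uint32_t *frame_out)
{
    unsigned char payload[PAD + 4 * WORDS], stack[PAD + 4 * WORDS];
    uint32_t want[WORDS] = { func, fake_ret, arg };
    int intact = 0;

    memset(payload, 'A', PAD);
    for (int i = 0; i < WORDS; i++) {
        put_le32(payload + PAD + 4 * i, want[i]);
        put_le32(stack + PAD + 4 * i, STACK_JUNK);
    }
    emulate_strcpy(stack, payload, sizeof payload);

    for (int i = 0; i < WORDS; i++) {
        uint32_t got = get_le32(stack + PAD + 4 * i);
        if (frame_out)
            frame_out[i] = got;
        if (intact == i && got == want[i])
            intact++;
    }
    return intact;
}

/* The i-th stack word (0 = saved EIP) after delivering func together with
 * the assumed fake return and argument words. */
static uint32_t delivered_word(uint32_t func, int i)
{
    uint32_t frame[WORDS];
    words_delivered(func, FAKE_RET, ARG_WORD, frame);
    return frame[i];
}

int main(void)
{
    /* Constructed addresses: NUL-free, top byte zero (a library mapped
     * below 0x01000000), and a zero byte inside the address. */
    const uint32_t funcs[] = { 0x4a0b1c2du, 0x0040a1b2u, 0x00a100b2u };
    for (size_t i = 0; i < 3; i++) {
        uint32_t frame[WORDS];
        int n = words_delivered(funcs[i], FAKE_RET, ARG_WORD, frame);
        printf("func %08" PRIx32 " -> EIP=%08" PRIx32 " ret=%08" PRIx32
               " arg=%08" PRIx32 " : %d word(s) intact\n",
               funcs[i], frame[0], frame[1], frame[2], n);
    }
    return 0;
}
```

The three cases come out as 3, 1 and 0 intact words: a NUL-free address lets the whole chain through, a 0x00xxxxxx address survives only because strcpy()'s own terminator supplies its top byte, and an address with an interior zero is cut off mid-word and lands mixed with whatever was already in the frame. The caveat is that this only models a NUL-terminated copy; an overflow driven by memcpy(), read() or a length-counted copy is not stopped by zero bytes, so the same libc addresses are usable there.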