oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Offset2lib: bypassing full ASLR on 64bit Linux

From: Hanno Böck <hanno () hboeck de>
Date: Sat, 6 Dec 2014 01:44:31 +0100
On Fri, 05 Dec 2014 17:43:44 -0500
Daniel Kahn Gillmor <dkg () fifthhorseman net> wrote:


i couldn't find a reference to this in the nautilus bugtracker, so i
just posted:

 https://bugzilla.gnome.org/show_bug.cgi?id=741183


I tried to dig into this a bit. I'm not really sure, but based on the
output I assume nautilus is relying on file or libmagic to assess the
file type.

And that's what fails:
$ file --mime-type pie
pie: application/x-sharedlib


It seems there is no really easy way to separate executables from
shared libraries and whether this should be considered a bug in
file/libmagic. The only thing I quickly found that would be possible is
searching if a SONAME is present. libmagic uses some "magic" file
format to parse files, I don't know if that's capable of such complex
parsing.

(oh, btw, this is one more reason to wipe out potential security bugs
in file...)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: