oss-sec mailing list archives
Re: Offset2lib: bypassing full ASLR on 64bit Linux
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 5 Dec 2014 19:41:04 -0800
On Sat, Dec 06, 2014 at 01:44:31AM +0100, Hanno Böck wrote:
> https://bugzilla.gnome.org/show_bug.cgi?id=741183
>
> I tried to dig into this a bit. I'm not really sure, but based on the
> output I assume nautilus is relying on file or libmagic to assess the
> file type. And that's what fails:
>
> $ file --mime-type pie
> pie: application/x-sharedlib
>
> It seems there is no really easy way to separate executables from
> shared libraries and whether this should be considered a bug in
> file/libmagic. The only thing I quickly found that would be possible
> is searching if a SONAME is present. libmagic uses some "magic" file
> format to parse files, I don't know if that's capable of such complex
> parsing.
A far better mechanism in Nautilus would be to use execve(2) on the pathname and see if it executes. Nautilus will never be good at guessing which files are actually executable on a given system and it is ridiculous for it to try to guess. It should just execute the selected file and if that fails, report the failure to the user.

One goofy file manager doing something silly ought not stop Mozilla from shipping a safer Firefox.

Thanks
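As an added illustration of the SONAME check Hanno mentions (my code, not from the thread), here is a small ELF64 parser that reports why `file` lumps PIE executables and shared libraries together: both have e_type ET_DYN, so one has to look further. It also treats a PT_INTERP program header as the mark of an executable; that second test is my addition, not something the thread proposes. The sample images it classifies are constructed by `build_sample` and are header-only, not real binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3            # e_type values
PT_DYNAMIC, PT_INTERP = 2, 3      # program header types
DT_NULL, DT_SONAME = 0, 14        # dynamic section tags


def classify_elf(data: bytes) -> str:
    """Classify an ELF64 little-endian image as exec, pie, shared-lib, dyn-object or unknown."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return "unknown"                      # not ELF, or not 64-bit little-endian
    e_type, _, _, _, e_phoff = struct.unpack_from("<HHIQQ", data, 16)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_type == ET_EXEC:
        return "exec"                         # non-PIE executable: unambiguous
    if e_type != ET_DYN:
        return "unknown"
    has_interp = has_soname = False           # ET_DYN: PIE and .so look alike here
    for i in range(e_phnum):
        p_type, _, p_off, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:               # requests a dynamic loader: executables do, plain .so files do not
            has_interp = True
        elif p_type == PT_DYNAMIC:            # walk Elf64_Dyn entries until DT_NULL
            for off in range(p_off, p_off + p_filesz, 16):
                d_tag, _ = struct.unpack_from("<qQ", data, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_SONAME:        # the heuristic from the thread
                    has_soname = True
    if has_interp:
        return "pie"
    if has_soname:
        return "shared-lib"
    return "dyn-object"                       # ET_DYN with neither: still ambiguous


def build_sample(e_type: int, interp: bool, soname: bool) -> bytes:
    """Construct a minimal, header-only ELF64 image for testing (constructed input, not a real binary)."""
    interp_bytes = b"/lib64/ld-linux-x86-64.so.2\0" if interp else b""
    dyn = (struct.pack("<qQ", DT_SONAME, 1) if soname else b"") + struct.pack("<qQ", DT_NULL, 0)
    nph = 1 + (1 if interp else 0)
    interp_off = 64 + 56 * nph                # ELF header (64) + program headers (56 each)
    dyn_off = interp_off + len(interp_bytes)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, nph, 64, 0, 0)

    def phdr(p_type: int, off: int, size: int) -> bytes:
        return struct.pack("<IIQQQQQQ", p_type, 4, off, off, off, size, size, 8)

    phdrs = (phdr(PT_INTERP, interp_off, len(interp_bytes)) if interp else b"") + phdr(PT_DYNAMIC, dyn_off, len(dyn))
    return ehdr + phdrs + interp_bytes + dyn
```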