Vulnerability Development mailing list archives

Re: BitchX /ignore bug


From: bjk4 () PO CWRU EDU (Benjamin Karas)
Date: Wed, 5 Jul 2000 10:45:22 -0400


On Tue, 4 Jul 2000, Stephen J. Friedl wrote:

> Except on the most unbelievably bizarre platforms, these parameters are
> generally passed on the stack in the usual order for that architecture. On
> the Intel machines, for instance, the params are pushed right to left and
> the stack grows down. Other architectures can and do either of these
> differently.

I just wanted to point out that the PowerPC is one of the unbelievably bizarre
platforms -- it passes parameters in registers.  I've also seen some pretty
strange stuff on OpenBSD with parameter passing.

For those who are curious, exploiting a PowerPC program can be a bit more
difficult than an x86 program.  First, PPC code is optimized such that frames
are 32 *byte* aligned.  I've been told this is because of how the PPC cache
works.  Furthermore, strings and stuff are 4 byte aligned.  This all means
that there are often unused bytes on the stack.  This means strings might not
be adjacent on the stack, which eliminates the attacks described in Phrack 56,
article 0x0e.

Another difficulty is that a lot of opcodes in PPC assembly contain zeros in
them (each is 4 bytes long).

I just wanted to point these things out.  Running a server on PPC hardware
might be slightly more secure than Intel simply from an obscurity standpoint.

-Ben Karas
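As an added illustration of the fixed-width-opcode point above (this is not part of Ben's post): a short Python script that encodes a few PowerPC instructions and counts the 0x00 bytes in their 4-byte big-endian encodings. The instruction words are constructed for this example from the public PowerPC ISA encoding; a 0x00 byte terminates a C string, which is the difficulty the post refers to.

```python
import struct


def encode_addi(rd: int, ra: int, imm: int) -> int:
    """Encode PowerPC 'addi rd, ra, imm' (primary opcode 14).

    'li rd, imm' is the assembler alias for 'addi rd, 0, imm'.
    The 16-bit immediate sits in the low half-word, so small values
    leave the third byte of the encoding at 0x00.
    """
    if not (0 <= rd < 32 and 0 <= ra < 32 and -32768 <= imm <= 32767):
        raise ValueError("operand out of range")
    return (14 << 26) | (rd << 21) | (ra << 16) | (imm & 0xFFFF)


def zero_bytes(word: int) -> int:
    """Number of 0x00 bytes in the big-endian 4-byte encoding of one instruction."""
    return struct.pack(">I", word).count(0)


# Sample instruction words (constructed for this example; encodings per the PowerPC ISA).
SAMPLE = {
    "li r3, 0": encode_addi(3, 0, 0),          # 0x38600000
    "addi r1, r1, 32": encode_addi(1, 1, 32),  # 0x38210020
    "mr r3, r4": 0x7C832378,                   # alias for 'or r3, r4, r4'
    "sc": 0x44000002,                          # system call
    "blr": 0x4E800020,                         # branch to link register
}


def nul_report(instrs: dict) -> dict:
    """Map each mnemonic to the count of 0x00 bytes in its encoding."""
    return {name: zero_bytes(word) for name, word in instrs.items()}


def fraction_with_nul(instrs: dict) -> float:
    """Fraction of the sample whose encoding contains at least one 0x00 byte."""
    report = nul_report(instrs)
    return sum(1 for count in report.values() if count) / len(report)


if __name__ == "__main__":
    for name, count in nul_report(SAMPLE).items():
        print(f"{name:18s} {SAMPLE[name]:08x}  zero bytes: {count}")
    print(f"fraction with a NUL byte: {fraction_with_nul(SAMPLE):.2f}")
```

Only the register-to-register move in this sample is free of zero bytes; the immediate-form and system instructions all carry at least one.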

