Vulnerability Development mailing list archives

Re: Where else?


From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Mon, 19 Nov 2001 13:07:05 +0100 (EET)

On Fri, 16 Nov 2001, Hung Vu wrote:

To execute arbitrary code on a system one can overwrite:
      - Return addresses on the stack
      - function pointers
      - Longjump buffers
      - GOT tables
      - Dtors
      - _atexit stuff 
      - GLibc hooks

Local variables and parameters on the stack (beyond RET), especially
pointers, may be sufficient to copy shellcode and pass execution to any
other rwx segments.
No wx segments means perfect security.
It's time to fix the hardware.

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners
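
Added example, not part of the original post: the rwx segments the message refers to can be audited on a Linux process by scanning /proc/<pid>/maps for mappings that are both writable and executable. The function names and the sample listing are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/example\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 131 /bin/example\n"
    "7f001000-7f002000 rwxp 00000000 00:00 0\n"
    "7ffc1000-7ffe2000 rwxp 00000000 00:00 0 [stack]\n";

/* Returns 1 if the maps line describes a writable+executable mapping,
 * 0 if it does not, -1 if the line does not parse. */
int mapping_is_wx(const char *line)
{
    unsigned long start, end;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Counts W+X mappings in a newline-separated maps listing. */
int count_wx(const char *maps)
{
    int hits = 0;
    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;  /* clamp long lines */
        memcpy(line, p, len);
        line[len] = '\0';
        if (mapping_is_wx(line) == 1) hits++;
        p = nl ? nl + 1 : p + len;
    }
    return hits;
}

int main(void)
{
    printf("sample: %d W+X mapping(s)\n", count_wx(SAMPLE));
    FILE *f = fopen("/proc/self/maps", "r");  /* Linux only; skipped elsewhere */
    if (!f) return 0;
    char line[512];
    while (fgets(line, sizeof line, f))
        if (mapping_is_wx(line) == 1) fputs(line, stdout);
    fclose(f);
    return 0;
}
```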

