Vulnerability Development mailing list archives

Re: solaris gdb screen mayhem


From: ant () notatla demon co uk (Antonomasia)
Date: Mon, 3 Sep 2001 20:16:38 +0100 (BST)

From: corecode <corecode () corecode ath cx>
Subject: Re: solaris gdb screen mayhem
Cc: vuln-dev () securityfocus com

I've been attempting a white-hat "exploit" to run some demo code
on the stack on Solaris.  The aim is to show whether the non-executable
stack is in force (and the /etc/system file may not be a reliable guide
to this if modified since last boot or something).

I am using a suggestion I got off-list.  Thanks for all responses.

Apart from your gdb mayhem, why not check the status of the
"noexec_user_stack" flag by querying the running kernel? 

This requires root privs, but is definitely easier than exploiting a
buffer overflow.

# mdb -k    ( or adb if Solaris 7 or below )
Loading modules: [ unix krtld genunix ufs_log ip nfs random ipc lofs
                   ptm logindmux ]

noexec_user_stack/X
noexec_user_stack:
noexec_user_stack:              0       

--
##############################################################
# Antonomasia   ant notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
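
An added example, not part of the original messages: a shell sketch that compares the value the running kernel reports for noexec_user_stack with the setting in /etc/system, which is the mismatch the first paragraph worries about. The function names and both sample inputs are constructed for illustration; the mdb text follows the layout shown in the post, and the `set noexec_user_stack=N` line is the usual /etc/system syntax.

```shell
#!/bin/sh
# Added example: live kernel value vs. boot-time configuration.
# Function names are hypothetical; the sample inputs below are constructed.

# Read `noexec_user_stack/X` output on stdin, print the value (hex, per /X).
live_value() {
    awk '$1 == "noexec_user_stack:" && NF == 2 { v = $2 }
         END { if (v != "") print v }'
}

# Read /etc/system text on stdin, print the last value assigned to
# noexec_user_stack. Lines starting with * are comments in that file.
configured_value() {
    awk '/^[ \t]*\*/ { next }
         { line = $0; gsub(/[ \t]/, "", line) }
         line ~ /^setnoexec_user_stack=/ {
             sub(/^setnoexec_user_stack=/, "", line); v = line }
         END { if (v != "") print v }'
}

# Succeed when a decimal or 0x-prefixed hex string is non-zero.
nonzero() {
    case "$(printf '%s' "$1" | sed 's/^0[xX]//; s/^0*//')" in
        "") return 1 ;;
        *)  return 0 ;;
    esac
}

# verdict MDB_TEXT SYSTEM_TEXT: report both states and whether they agree.
# An absent /etc/system entry is treated as off (assumption of this example).
verdict() {
    live=$(printf '%s\n' "$1" | live_value)
    conf=$(printf '%s\n' "$2" | configured_value)
    [ -n "$live" ] || { echo "unknown"; return 2; }
    if nonzero "$live"; then l=on; else l=off; fi
    if nonzero "$conf"; then c=on; else c=off; fi
    if [ "$l" = "$c" ]; then echo "live=$l config=$c match"
    else echo "live=$l config=$c MISMATCH"; fi
}

# Constructed sample: kernel reports 0, file was edited after the last boot.
SAMPLE_MDB='noexec_user_stack:
noexec_user_stack:              0       '
SAMPLE_SYSTEM='* constructed /etc/system excerpt
set noexec_user_stack=1
set noexec_user_stack_log=1'
verdict "$SAMPLE_MDB" "$SAMPLE_SYSTEM"
# On a Solaris host, as root:
#   verdict "$(echo 'noexec_user_stack/X' | mdb -k)" "$(cat /etc/system)"
```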

