Vulnerability Development mailing list archives

Re: Linux exploits and random post-argv/ envp injection

From: Valdis.Kletnieks () vt edu
Date: Fri, 12 Mar 2004 23:25:40 -0500

On Thu, 11 Mar 2004 05:06:27 GMT, Inventor UCL <digiwind () hotmail com>  said:

Looks like Linux's sys_exec() injects a random number of zeroes between the argv/envp and the stack frame for main(), 
i.e. stack:


Sounds like you're running a Linux kernel that's had either the PAX/Grsecurity
patch (from http://pax.grsecurity.net), or the ExecShield code that RedHat did
added to it (in recent Fedora) - both will add non-executable stack support and
some randomization of addresses, for exactly the reasons you noted.

Attachment: _bin
Description:

Current thread:

Linux exploits and random post-argv/ envp injection Inventor UCL (Mar 11)
- Re: Linux exploits and random post-argv/ envp injection Valdis . Kletnieks (Mar 14)
- Re: Linux exploits and random post-argv/ envp injection Gerardo Richarte (Mar 15)