Vulnerability Development mailing list archives
Re: Linux exploits and random post-argv/ envp injection
From: Gerardo Richarte <gera () corest com>
Date: Mon, 15 Mar 2004 12:39:40 -0300
Inventor UCL wrote:
Hi All, I noticed something when playing around with exploits on Linux and wanted to ask if anyone knows more about it. When I run the same test program with the same envp/argv that just prints its esp, it outputs a different value every time.
On some Linux (depends on kernel version and features), this is just a fact: the stack address changes from process to process. It doesn't vary a lot (let's say around 1, 2, 3 or 4 pages (x4096 bytes)). This doesn't have to do with any security patch (although this might be another reason, as Valdis Kletnieks explained).

As a friend explained to me, on some Linux kernels they had some kind of problem when running on multiprocessor boxes, and they "solved" it by randomizing stack addresses... that's pretty much what I know...

I also know that when writing exploits, not only padding is unexpectedly added, but also the addresses can randomly change (the solution is absolutely different when the change is not the result of a security patch, mainly because the deltas are not so big).

gera
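The measurement discussed in this thread, as an added example that is not part of the original posts: the program re-executes itself 16 times with identical argv/envp, records the address of a stack local in each child, and reports how many 4096-byte pages separate the lowest and highest value. It assumes Linux with `/proc/self/exe`; the names `spread_pages`, `sample` and the `probe` argument are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGE 4096UL /* page size quoted in the post */

/* Distance between lowest and highest sampled address, in whole pages. */
unsigned long spread_pages(const uintptr_t *a, size_t n) {
    if (n == 0) return 0;
    uintptr_t lo = a[0], hi = a[0];
    for (size_t i = 1; i < n; i++) {
        if (a[i] < lo) lo = a[i];
        if (a[i] > hi) hi = a[i];
    }
    return (unsigned long)((hi - lo) / PAGE);
}
/* Re-exec this binary as a "probe" child and read its stack address back. */
int sample(const char *self, uintptr_t *out) {
    int fd[2]; char buf[64] = {0};
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {            /* child: stdout -> pipe, same argv/envp every run */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execl(self, self, "probe", (char *)NULL);
        _exit(127);            /* exec failed: parent sees an empty read */
    }
    close(fd[1]);
    ssize_t r = read(fd[0], buf, sizeof buf - 1);
    close(fd[0]); waitpid(pid, NULL, 0);
    if (r <= 0) return -1;
    *out = (uintptr_t)strtoull(buf, NULL, 16);
    return 0;
}
int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "probe") == 0) {
        int local;             /* its address stands in for the printed esp */
        printf("%llx\n", (unsigned long long)(uintptr_t)&local);
        return 0;
    }
    uintptr_t a[16]; size_t n = 0;
    for (int i = 0; i < 16; i++)
        if (sample("/proc/self/exe", &a[n]) == 0) n++;
    printf("%zu samples, spread %lu page(s)\n", n, spread_pages(a, n));
    return 0;
}
```

A spread of a few pages matches the behaviour described in the reply; a kernel with full address space randomization enabled reports a far larger figure.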