On Fri, 16 Nov 2001, Hung Vu wrote:

> To execute arbitrary code on a system one can overwrite:
> - Return addresses on the stack
> - function pointers
> - Longjump buffers
> - GOT tables
> - Dtors
> - _atexit stuff
> - GLibc hooks
>

Local variables and parameters on the stack (beyond RET), especially pointers, may be sufficient to copy shellcode and pass execution to any other rwx segments. No wx segments means perfect security. It's time to fix the hardware.

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners
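The "no wx segments" condition from the message above can be audited on a running Linux process. The C below is an added example, not part of the original post: it counts mappings that are both writable and executable in /proc/<pid>/maps-format text. The function name and the sample maps lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from the post). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 1234 /bin/demo\n"
    "7f1200000000-7f1200021000 rwxp 00000000 00:00 0 \n"
    "7ffd5a000000-7ffd5a021000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable in maps-format text.
 * If first_wx is non-NULL it receives the start address of the first hit. */
int count_wx_mappings(const char *maps, unsigned long long *first_wx)
{
    int hits = 0;
    while (*maps) {
        unsigned long long start, end;
        char line[256], perms[5] = "";
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);          /* parse one line at a time */
        line[n] = '\0';
        /* Each line begins "start-end perms ...", perms being e.g. "rwxp". */
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3 &&
            strchr(perms, 'w') && strchr(perms, 'x')) {
            if (hits++ == 0 && first_wx)
                *first_wx = start;
        }
        maps += len + (maps[len] == '\n');
    }
    return hits;
}

int main(void)
{
    static char buf[65536];
    const char *text = SAMPLE_MAPS;     /* fallback when /proc is absent */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        size_t got = fread(buf, 1, sizeof buf - 1, f);
        buf[got] = '\0';
        fclose(f);
        if (got) text = buf;
    }
    unsigned long long first = 0;
    int hits = count_wx_mappings(text, &first);
    printf("%d writable+executable mapping(s), first at 0x%llx\n", hits, first);
    return hits ? 1 : 0;
}
```

A non-zero exit status means at least one mapping in the inspected process was both writable and executable.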