On Tue, 2005-01-18 at 23:55 +0100, Lorenzo Hernández García-Hierro wrote:
> Also, maybe an ExecShield specific test (see [1] and [2]) and possibly a
> few other tests related with BSD Jails.
> [1]: http://212.130.50.194/papers/attack/ExploitingFedora.txt

fwiw this paper is about exploiting prelink more than execshield; the proposed technique only works because the system was prelinked (without prelink, every time you start a program all addresses get randomized; with prelink, the addresses re-randomize every 2 weeks) and the "security sensitive" application was not made a PIE. The first makes it really hard to write generic exploits (but means you can do a local attack within 2 weeks); the second means that the exploit technique only works for a subset of programs. In Fedora most (if not all) network daemons and a bunch of other things are PIE, and there is even an entire Gentoo distribution which is entirely PIE.
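The reply above turns on one question a practitioner would want to check for themselves: was a given executable linked as a PIE (ELF type ET_DYN, so the loader can place it at a randomized base) or as a fixed-address executable (ET_EXEC, where the text segment sits at the same virtual address on every run)? The probe below is an added example, not code from the mailing-list post or from the paper it discusses; it reads only the ELF identification bytes and the `e_type` field, handles both ELF classes and both byte orders, and is exercised against a few constructed header byte strings (not taken from any real binary). Function and constant names are the example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the PIE probe (names chosen for this example). */
enum { PIE_ERROR = -1, PIE_NO = 0, PIE_YES = 1 };

/* Classify an ELF image from the first 18 bytes of its header:
 * e_ident[0..15] followed by the 2-byte e_type field at offset 16.
 * Returns PIE_YES for ET_DYN, PIE_NO for ET_EXEC, PIE_ERROR otherwise.
 * Caveat: ET_DYN is also the type of shared libraries, so on a file that is
 * not an executable "PIE_YES" just means "relocatable at load time". */
int elf_is_pie(const unsigned char *hdr, size_t len)
{
    if (len < 18) return PIE_ERROR;
    if (memcmp(hdr, "\x7f" "ELF", 4) != 0) return PIE_ERROR;

    unsigned char cls  = hdr[4];   /* EI_CLASS: 1 = ELF32, 2 = ELF64 */
    unsigned char data = hdr[5];   /* EI_DATA:  1 = little-endian, 2 = big-endian */
    if ((cls != 1 && cls != 2) || (data != 1 && data != 2)) return PIE_ERROR;

    /* e_type is at the same offset for ELF32 and ELF64; only byte order differs. */
    uint16_t e_type = (data == 1)
        ? (uint16_t)(hdr[16] | (hdr[17] << 8))
        : (uint16_t)((hdr[16] << 8) | hdr[17]);

    switch (e_type) {
    case 2:  return PIE_NO;   /* ET_EXEC: text mapped at a fixed virtual address */
    case 3:  return PIE_YES;  /* ET_DYN:  base address chosen by the loader */
    default: return PIE_ERROR;
    }
}

/* Same check on a file on disk; reads just enough of the header. */
int elf_file_is_pie(const char *path)
{
    unsigned char hdr[64];
    FILE *f = fopen(path, "rb");
    if (!f) return PIE_ERROR;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_is_pie(hdr, n);
}

/* Constructed sample headers for demonstration (not real binaries):
 * magic, class, data, version, padding, then e_type. */
static const unsigned char sample_exec_le64[18] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0x00 };
static const unsigned char sample_dyn_le64[18] = {
    0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x03, 0x00 };
static const unsigned char sample_dyn_be32[18] = {
    0x7f, 'E', 'L', 'F', 1, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x03 };
static const unsigned char sample_not_elf[18] = {
    'M', 'Z', 0x90, 0, 3, 0, 0, 0, 4, 0, 0, 0, 0xff, 0xff, 0, 0, 0xb8, 0 };

static const char *describe(int r)
{
    return r == PIE_YES ? "ET_DYN (PIE or shared object)"
         : r == PIE_NO  ? "ET_EXEC (fixed-address executable)"
         :                "not a recognised ELF header";
}

/* Usage: ./elfpie /path/to/binary ...   (no args: run the constructed samples) */
int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("sample_exec_le64: %s\n", describe(elf_is_pie(sample_exec_le64, 18)));
        printf("sample_dyn_le64:  %s\n", describe(elf_is_pie(sample_dyn_le64, 18)));
        printf("sample_dyn_be32:  %s\n", describe(elf_is_pie(sample_dyn_be32, 18)));
        printf("sample_not_elf:   %s\n", describe(elf_is_pie(sample_not_elf, 18)));
        return 0;
    }
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], describe(elf_file_is_pie(argv[i])));
    return 0;
}
```

Run it over the daemons you care about; anything reporting ET_EXEC is the class of program the paper's technique targets, since its text addresses do not move between runs regardless of what the kernel does for the stack and the libraries. For a quick manual equivalent, `readelf -h` prints the same field under "Type:".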
This archive was generated by hypermail 2.1.3 : Wed Jan 19 2005 - 00:34:53 PST