Re: solaris gdb screen mayhem

From: Antonomasia (antat_private)
Date: Mon Sep 03 2001 - 12:16:38 PDT


    From: corecode <corecodeat_private>
    Subject: Re: solaris gdb screen mayhem
    Cc: vuln-devat_private
    
    >I've been attempting a white-hat "exploit" to run some demo code
    >on the stack on Solaris.  The aim is to show whether the non-executable
    >stack is in force (and the /etc/system file may not be a reliable guide
    >to this if modified since last boot or something).
    
    I am using a suggestion I got off-list.  Thanks for all responses.
    
    > Apart from your gdb mayhem, why not check the status of the
    > "noexec_user_stack" flag by querying the running kernel? 
    > 
    > This requires root privs, but is definitely easier than exploiting a
    > buffer overflow.
    > 
    > # mdb -k    ( or adb if Solaris 7 or below )
    > Loading modules: [ unix krtld genunix ufs_log ip nfs random ipc lofs
    >                    ptm logindmux ]
    > 
    > > noexec_user_stack/X
    > noexec_user_stack:
    > noexec_user_stack:              0       
    
    --
    ##############################################################
    # Antonomasia   ant notatla.demon.co.uk                      #
    # See http://www.notatla.demon.co.uk/                        #
    ##############################################################
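A drift check in the spirit of the mdb suggestion quoted above, added here as an example and not part of the original thread: it parses the value the running kernel reports for noexec_user_stack and the value set in /etc/system, and flags the two disagreeing (the case the original poster worried about, where /etc/system was edited after the last boot). The mdb transcript and /etc/system fragment are constructed samples; the script assumes mdb lives at /usr/bin/mdb and that a missing /etc/system entry means the default value 0.

```shell
#!/bin/sh
# Added example, not code from the original thread.

# Constructed sample of "noexec_user_stack/X" output from mdb -k.
SAMPLE_MDB_OUTPUT='Loading modules: [ unix krtld genunix ufs_log ip nfs random ipc lofs ptm logindmux ]
noexec_user_stack:
noexec_user_stack:              0'

# Constructed sample /etc/system fragment (hypothetical contents).
SAMPLE_ETC_SYSTEM='* Force non-executable stacks for user processes
set noexec_user_stack=1
set noexec_user_stack_log=1'

# kernel_noexec_value MDB_OUTPUT -> the hex value mdb printed, or "unknown".
kernel_noexec_value() {
    printf '%s\n' "$1" | awk '
        $1 == "noexec_user_stack:" && NF == 2 { v = $2 }
        END { print (v == "" ? "unknown" : v) }'
}

# etc_system_noexec_value ETC_SYSTEM_TEXT -> last "set noexec_user_stack=N", or "unset".
etc_system_noexec_value() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*set[[:space:]]+noexec_user_stack[[:space:]]*=/ {
            sub(/.*=[[:space:]]*/, ""); sub(/[[:space:]].*$/, ""); v = $0
        }
        END { print (v == "" ? "unset" : v) }'
}

# compare_settings KERNEL_HEX ETC_VALUE -> consistent | drift | unknown
compare_settings() {
    k=$1; e=$2
    [ "$e" = "unset" ] && e=0          # assumed default when /etc/system is silent
    case $k in ''|unknown|*[!0-9a-fA-F]*) echo unknown; return;; esac
    if [ "$((0x$k))" -eq "$((e))" ]; then echo consistent; else echo drift; fi
}

# live_check: query the running kernel (needs root); skipped where mdb is absent.
live_check() {
    [ -x /usr/bin/mdb ] || { echo "mdb not found; skipping live check"; return; }
    k=$(kernel_noexec_value "$(echo 'noexec_user_stack/X' | mdb -k 2>/dev/null)")
    e=$(etc_system_noexec_value "$(cat /etc/system)")
    echo "kernel=$k /etc/system=$e -> $(compare_settings "$k" "$e")"
}

k=$(kernel_noexec_value "$SAMPLE_MDB_OUTPUT")
e=$(etc_system_noexec_value "$SAMPLE_ETC_SYSTEM")
echo "sample: kernel=$k /etc/system=$e -> $(compare_settings "$k" "$e")"
live_check
```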
    



    This archive was generated by hypermail 2b30 : Mon Sep 03 2001 - 13:06:17 PDT