I took a look, and I was unable to send either of those two signals to Apache during the faulty memcpy().

On Thu, 20 Jun 2002 18:40:55 -0400 (EDT) Michal Zalewski <lcamtufat_private> wrote:
...
> This is not to say that delivering signals is not the way to exploit
> problems like that - conditions that would otherwise lead directly to SEGV
> because of access to non-allocated memory, for example. Quite
> (un)fortunately, there are only two signals that could be perhaps
> delivered to Apache (which, keep in mind, is running as a standalone
> daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the
> handler does something interesting, which I'm not so sure about (but
> haven't looked in a while).
>
> --
> _____________________________________________________
> Michal Zalewski [lcamtufat_private] [security]
> [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
> =-=> Did you know that clones never use mirrors? <=-=
> http://lcamtuf.coredump.cx/photo/
>
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 04:10:23 PDT