----- Original Message -----
> From: "David R. Piegdon" <fleshyCPUat_private>
> [...]
>
> now the question: can we use this buffer overflow?
> actually in this case not, because the allocation of the buffer is done
> with malloc. on linux at least :) malloc does not use the stack but it
> uses the HEAP.

Just because Linux may allocate the memory on the heap doesn't mean it can't be overflowed. This is a common misconception that bites a lot of us. (Chances are you already know this.) You could muck with it and trick the free into overwriting arbitrary memory locations with exploit data. There is a pretty good paper on this over at: http://www.w00w00.org/files/articles/heaptut.txt. Although heap overflows are much harder to predict and architect, it is still quite possible. I wouldn't count on the fact Linux uses the heap as a saving grace against an attack like this.

---
Regards,
Dana M. Epp
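The point made in the reply above, that a malloc()'d buffer is just as overflowable as a stack one, as an added example that is not code from this thread: a hypothetical record keeps a fixed-size name next to a privilege flag in one heap block, an unchecked copy spills past the name into the flag, and the bounds-checked copy refuses the same input. The struct, function names and sample input are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical record type, constructed for this example: a fixed-size
 * name followed by a privilege flag, both inside one malloc()'d block. */
struct account {
    char name[16];
    int  privileged;   /* 0 = ordinary user, nonzero = admin */
};

/* Unchecked copy (a hand-rolled strcpy): the destination is heap memory,
 * but nothing stops the write from running past name[] into the flag. */
void set_name_unchecked(struct account *acct, const char *input)
{
    char *dst = acct->name;
    while ((*dst++ = *input++) != '\0')
        ;
}

/* Hardened version: reject input that does not fit, NUL included. */
int set_name_checked(struct account *acct, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof acct->name)
        return -1;                       /* caller must handle the error */
    memcpy(acct->name, input, n + 1);
    return 0;
}

/* Copies `input` into a fresh, zeroed heap account and returns the flag
 * afterwards. Unchecked, an input of 17 or more bytes spills into the flag. */
int flag_after_copy(const char *input, int checked)
{
    struct account *acct = calloc(1, sizeof *acct);   /* flag starts at 0 */
    if (!acct) return -1;
    if (checked)
        set_name_checked(acct, input);
    else
        set_name_unchecked(acct, input);
    int flag = acct->privileged;
    free(acct);
    return flag;
}

int main(void)
{
    const char *input = "AAAAAAAAAAAAAAAAAA";   /* 18 bytes, constructed */
    printf("unchecked: privileged=%d, checked: privileged=%d\n",
           flag_after_copy(input, 0), flag_after_copy(input, 1));
    return 0;
}
```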
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 15:42:10 PDT