Date:      Mon, 29 Jun 1998 10:35:45 -0600
From:      Warner Losh <imp@village.org>
To:        Vadim Kolontsov <vadim@tversu.ru>
Cc:        security@FreeBSD.ORG
Subject:   Re: non-executable stack? 
Message-ID:  <199806291635.KAA18811@harmony.village.org>
In-Reply-To: Your message of "Mon, 29 Jun 1998 18:52:30 +0400." <19980629185230.A16373@tversu.ru> 
References:  <19980629185230.A16373@tversu.ru>  <pfm@slack.net> <E0yprtC-0006B4-00@oak67.doc.ic.ac.uk> 

: > execve of certain processes.  We still don't know if this will have any
: > effect on security though, since no-one has checked to see if it's possible
: > to write shellcode using just printable ASCII. 

You can.  I've seen an example of how to do that, but didn't bother to
save it.  I've also seen how to do the same with DNS packets, which
must be nearly all in the range [a-zA-Z0-9-]+.  

I've not seen an example of this on Sparc, MIPS or Alpha, but have
been told by someone that I believe that he has code like this that
fits the bill.  The Alpha was the hardest, evidently, for reasons
that he didn't elaborate on.

In message <19980629185230.A16373@tversu.ru> Vadim Kolontsov writes:
:   When I played with assembler under FreeBSD, I've created a version of such
: code. Basically it contains a little "decoder" which unpacks specially
: prepared shell code (I've solved almost the same problem programming
: self-unpacking UUENCODE files).

For those that think this is hard, you might want to check out
KERMIT.BOO.  This is a completely printable file that is used to
bootstrap the kermit installation process a long time ago (and maybe
still even today).

Checks for printable vs non-printable are bogus and don't buy any
extra security at the cost of inconvenience.

Warner
