Date:      Sun, 19 Jul 1998 22:13:40 -0600
From:      Warner Losh <imp@village.org>
To:        Brett Glass <brett@lariat.org>
Cc:        dg@root.com, Archie Cobbs <archie@whistle.com>, security@FreeBSD.ORG
Subject:   Re: The 99,999-bug question: Why can you execute from the stack? 
Message-ID:  <199807200413.WAA08927@harmony.village.org>
In-Reply-To: Your message of "Sun, 19 Jul 1998 22:00:53 MDT." <199807200400.WAA08903@lariat.lariat.org> 
References:  <199807200400.WAA08903@lariat.lariat.org>  <Your message of "Sun, 19 Jul 1998 20:10:39 MDT." <199807200210.UAA07188@lariat.lariat.org> 

In message <199807200400.WAA08903@lariat.lariat.org> Brett Glass writes:
: Unfortunately, without the use of call gates, there are still some
: exploits that can be done. But far fewer.... You need to know
: exactly where things are mapped in order to push the addresses of
: library routines as return addresses.

For any given release, this is easy.  Not as easy as knowing the
high bits of the stack address, but still fairly easy.  nm is your
friend.

Warner
