Mailinglist Archive: opensuse (4020 mails)
Re: [SLE] spyware
- From: Örn Hansen <orn.hansen@xxxxxxxxxx>
- Date: Mon, 4 Oct 2004 21:51:13 +0200
- Message-id: <200410042151.23999.orn.hansen@xxxxxxxxxx>
Monday 04 October 2004 18:54, Anders Johansson wrote:
>
> I have no idea what you're talking about, what technology would that be?
>
> A quick google gave this:
>
> http://www.vnsecurity.net/data/library/heaptut.txt
Thank you for a nice pointer, it just proved my point ... to use any of
these exploits, you need comprehensive knowledge of the code and program to
be exploited. The examples above use an exploit on argv ... but they rely
on a certain argv pointer being used as a variable to execl.

Second, in a properly implemented virtual memory manager ... data pages are
not executable, and code pages are not writable. And a very well implemented
memory management will mark data pages that are loaded at runtime (program
data) as read-only (constants). Of course, that leaves variables
vulnerable to being overrun if the program doesn't care to verify that any
buffered input doesn't overflow. But what the effect of such an action is
greatly depends on the program and the code, and requires in-depth knowledge of
that particular scenario. The good old days of simple "overflow the stack,
to return to a data page to execute code read into the buffer" are gone. Or
should be, unless someone didn't read the Computer Science textbooks
right ... never really thought the stuff needed to be read over and over
again, it's sorta obvious.
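
An added example, not part of the original message: a small C check for the page-permission property the message describes (no mapping both writable and executable), run over text in the Linux /proc/<pid>/maps format. The sample mappings and the function name count_wx are constructed for illustration; the last sample line models a legacy executable stack.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real
 * process): code r-x, constants r--, data rw-, heap rw-, and a stack that
 * is writable AND executable, which is the case the check should flag. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/demo\n"
    "00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffd1c000000-7ffd1c021000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are writable and executable at the same time.
 * If first_bad is non-NULL, the name of the first such mapping is stored. */
int count_wx(const char *maps, char *first_bad, size_t cap)
{
    int bad = 0;
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], perms[5] = "", name[256] = "";
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* fields: range perms offset dev inode [pathname] */
        if (sscanf(buf, "%*s %4s %*s %*s %*s %255s", perms, name) >= 1 &&
            strchr(perms, 'w') && strchr(perms, 'x')) {
            if (bad == 0 && first_bad && cap > 0)
                snprintf(first_bad, cap, "%s", name[0] ? name : "(anonymous)");
            bad++;
        }
        line = eol ? eol + 1 : line + len;
    }
    return bad;
}

int main(void)
{
    char name[256];
    int n = count_wx(SAMPLE_MAPS, name, sizeof name);
    printf("sample: %d writable+executable mapping(s)", n);
    if (n) printf(", first: %s", name);
    putchar('\n');
    return 0;
}
```

The same function can be pointed at the contents of /proc/self/maps or another process's maps file read into a string.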