On Monday, 4 October 2004 21.51, Örn Hansen wrote:
Monday 04 October 2004 18:54, Anders Johansson wrote:
I have no idea what you're talking about, what technology would that be?
A quick google gave this:
Thank you for a nice pointer, it just proved my point ... to use any of these exploits, you need comprehensive knowledge of the code and program to be exploited.
Yes, you're right, every exploit ever created was produced by someone with access to the source. No one could ever exploit any program ever without knowing how it was programmed.
The examples above use an exploit on argv ... but they rely on a certain argv pointer being used as a variable to execl.
Second, in a properly implemented virtual memory manager ... data pages are not executable, and code pages are not writable. And a very well implemented memory management will mark data pages that are loaded at runtime (program data) as read-only (constants). Of course, that leaves variables vulnerable to being overrun, if the program doesn't care to verify that any buffered input doesn't overflow. But what the effect of such an action is greatly depends on the program, the code, and requires in-depth knowledge of that particular scenario. The good old days of simple "overflow the stack, to return to a data page to execute code read into the buffer" are gone. Or should be, unless someone didn't read the Computer Science textbooks right... never really thought the stuff needed to be read over and over again, it's sorta obvious.
I'm sure Theo de Raadt will be glad to hear he can retire now. All he needs to do is allocate everything on the heap and the world will be a safer place. And the NSA should be prosecuted for misuse of public funds for that SELinux stuff, clearly a waste, all they need is a heap and a memory manager implemented according to the computer science text books. Not to mention all that Common Criteria nonsense, those guys obviously never studied computer science, imagine wasting all those millions when all they needed was a heap.
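The one point both sides of the thread agree on is the one Örn makes in passing: even with non-executable data pages, a variable next to a fixed buffer is still overrun if the program never checks the input length. The following is an added illustration, not code from either poster; the `struct session` layout, the field names and the sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed buffer with another variable right after it,
 * the layout the thread calls "variables vulnerable to being overrun". */
#define USERNAME_MAX 16
struct session {
    char username[USERNAME_MAX];
    int  privileged;            /* adjacent variable an overrun would clobber */
};

/* Defective form, shown for contrast only: no check that the input fits.
 * Writing past 'username' lands in 'privileged' regardless of NX pages. */
void set_username_unchecked(struct session *s, const char *input) {
    strcpy(s->username, input);
}

/* Bounded length: never reads further than 'limit' bytes of the input. */
static size_t bounded_len(const char *p, size_t limit) {
    size_t n = 0;
    while (n < limit && p[n] != '\0')
        n++;
    return n;
}

/* Hardened form: verify the input fits, including the terminator, before
 * copying; refuse it (and leave the record untouched) if it does not. */
int set_username_checked(struct session *s, const char *input) {
    size_t len = bounded_len(input, USERNAME_MAX);
    if (len >= USERNAME_MAX)
        return -1;              /* reject rather than truncate silently */
    memcpy(s->username, input, len + 1);
    return 0;
}

int main(void) {
    struct session s = { "", 0 };
    /* Constructed inputs: one that fits, one 32 bytes long that does not. */
    printf("short: %d\n", set_username_checked(&s, "alice"));
    printf("long:  %d\n", set_username_checked(&s, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
    printf("privileged still %d, username still %s\n", s.privileged, s.username);
    return 0;
}
```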