Anders, On Monday 04 October 2004 13:12, Anders Johansson wrote:
On Monday, 4 October 2004 21.51, Örn Hansen wrote:
måndag 04 oktober 2004 18:54 skrev Anders Johansson:
I have no idea what you're talking about, what technology would that be?
A quick google gave this:
Thank you for a nice pointer, it just proved my point ... to use any of these exploits, you need comprehensive knowledge of the code and program to be exploited.
Yes, you're right, every exploit ever created was produced by someone with access to the source. No one could ever exploit any program ever without knowing how it was programmed
Yes and no (depending on what you mean by "how it was programmed"). One thing we don't yet have is computers (general-purpose, desktop-style computers) that can execute a program that cannot be examined, albeit in machine code form, by the person who's executing it. A diligent programmer with good tools who understands code at the assembly / machine level and understands the hardware, compiler and operating system architectural model can devise exploits without recourse to the C or C++ or assembly source code. In fact, given that stack overflow exploits (one variety, anyway) are about hijacking the execution path by overwriting the return address on the call stack, some aspects of devising such hacks are probably facilitated by examining the assembly / machine code instructions rather than the higher-level program source code. But of course, having that source code is an immense aid in devising hacks.
...
Randall Schulz