On Monday 04 October 2004 18:54, Anders Johansson wrote:
I have no idea what you're talking about, what technology would that be?
A quick google gave this:
Thank you for a nice pointer, it just proved my point ... to use any of these exploits, you need comprehensive knowledge of the code and program to be exploited. The examples above use an exploit on argv ... but they rely on that a certain argv pointer is used as a variable to execl.

Second, in a properly implemented virtual memory manager ... data pages are not executable, and code pages are not writable. And a very well implemented memory management will mark data pages that are loaded at runtime (program data) as read-only (constants).

Of course, that leaves variables vulnerable to being overrun, if the program doesn't care to verify that any buffered input doesn't overflow. But what the effect of such an action is greatly depends on the program and the code, and requires in-depth knowledge of that particular scenario.

The good old days of simple "overflow the stack, to return to a data page to execute code read into the buffer" are gone. Or should be, unless someone didn't read the Computer Science textbooks right ... never really thought the stuff needed to be read over and over again, it's sorta obvious.
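An added illustration, not part of the original message: a C check for the property the message describes (no mapping is both writable and executable), applied to text in the Linux `/proc/<pid>/maps` format. The sample mappings and the function name `count_wx_mappings` are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char *SAMPLE_MAPS =
    "08048000-08056000 r-xp 00000000 03:01 1234 /bin/example\n"
    "08056000-08057000 rw-p 0000e000 03:01 1234 /bin/example\n"
    "08057000-08078000 rwxp 00000000 00:00 0 [heap]\n"
    "b7e00000-b7f30000 r-xp 00000000 03:01 5678 /lib/libc.so.6\n"
    "bffeb000-c0000000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable (W^X violations).
   Offending lines are printed to `out` when it is non-NULL.
   Blank or malformed lines are skipped. */
int count_wx_mappings(const char *maps, FILE *out)
{
    int hits = 0;
    const char *line = maps;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char buf[512], perms[5];
        unsigned long lo, hi;
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, line, n);          /* parse one line in isolation */
        buf[n] = '\0';
        if (sscanf(buf, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x') {
            hits++;
            if (out)
                fprintf(out, "W+X: %s\n", buf);
        }
        line += len + (end ? 1 : 0);
    }
    return hits;
}

int main(void)
{
    static char live[1 << 16];
    const char *maps = SAMPLE_MAPS;
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only; else use sample */
    if (f) {
        live[fread(live, 1, sizeof live - 1, f)] = '\0';
        fclose(f);
        maps = live;
    }
    printf("%d writable+executable mapping(s)\n", count_wx_mappings(maps, stdout));
    return 0;
}
```

A result of zero for a process means its address space matches the layout the message calls properly implemented; any `rwxp` line is a region where data written at runtime could also be executed.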