On Sat, 31 Mar 2001, Tim Yardley wrote:
> As always, there are always ways to improve things. This version of the
> exploit posted here previously overwrites the dl _start routine and doesn't
> modify eip. This will help on stack non-exec systems and doesn't require
> you to calculate the bss offset. I didn't test it, but this should still
> work on a StackGuard compiled program as well.
This works on my RH 6.2 w/ 2.2.16-3. I see that Redhat released a 2.2.17
RPM on 2/8/2001 with 'ptrace' as one of the keywords. Does anyone know if
this RPM addresses the problem?
Viraj.