On Thu, 2002-11-07 at 19:11, John Summerfield wrote:
> On IA32, if it's not in the code segment, you can't execute it.
>
> The code segment _can_ be ro, so presumably a return to arbitrary code can be
> prevented.

I don't need to modify any of the code segment to exploit your machine.
In fact several exploits work on the basis they overrun a stack section
with a complete return sequence including variables to cause an
execlp("/bin/sh", ...) to occur. No code changes needed.
