On Sat, 9 Nov 2002 01:09, you wrote:
> On Thu, 2002-11-07 at 19:11, John Summerfield wrote:
> > On IA32, if it's not in the code segment, you can't execute it.
> >
> > The code segment _can_ be ro, so presumably a return to arbitrary code
> > can be prevented.
>
> I don't need to modify any of the code segment to exploit your machine.
> In fact several exploits work on the basis they overrun a stack section
> with a complete return sequence including variables to cause an
> execlp("/bin/sh", ...) to occur. No code changes needed

Is this a reason to not close down those avenues that are easy? Seems to me that if you fix some, you have fewer left to fix.

As the philosopher said, a journey of a thousand leagues starts with a single step.

--
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb