On Sat, 9 Nov 2002 01:09, you wrote:
> On Thu, 2002-11-07 at 19:11, John Summerfield wrote:
> > On IA32, if it's not in the code segment, you can't execute it.
> >
> > The code segment _can_ be ro, so presumably a return to arbitrary code
> > can be prevented.
>
> I don't need to modify any of the code segment to exploit your machine.
> In fact several exploits work on the basis they overrun a stack section
> with a complete return sequence including variables to cause an
> execlp("/bin/sh", ...) to occur. No code changes needed.

Is this a reason to not close down those avenues that are easy? Seems to me
that if you fix some, you have fewer left to fix.

As the philosopher said, a journey of a thousand leagues starts with a single
step.




--
Cheers
John Summerfield


Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
