-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
So 0x02020202 is a no-op? (somebody finally gets why the randomization range must be > the size of the stack?) linux-os wrote: [...] >> pointing back into that buffer needs the address of that buffer. That >> buffer is on the stack, which is now randomized. >> > > Wrong concept. Your exploit program simply needs fill with a guad- > byte offset such as 0x02020202 and put your payload at that > offset. You don't care where the stack-pointer is. You find > out how many bytes of 0x02 are necessary to get to that offset > on an experimental system, it is independent of the stack-pointer > value. It depends only upon the size of the buffer you are > exploiting, which needs to not change, of course. > > When the return instruction occurs, one of those 0x02020202 > will be encountered and your payload gets executed next. > > Note that you should chose a different repeating-byte > than I have used here. Get the address of _end on a 'C' > program for hints. > > > Cheers, > Dick Johnson > Penguin : Linux version 2.6.10 on an i686 machine (5537.79 BogoMips). > Notice : All mail here is now cached for review by Dictator Bush. > 98.36% of all statistics are fiction. > - -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+VLphDd4aOud5P8RAv5YAJ0QEBPyP+KMRS1Ua184KGJo3cw9EQCfc03J SwDI0Zae2W5L03xHLXIkDdg= =1+Xl -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/