Bugtraq mailing list archives

Re: Smashing the stack on a DEC Alpha
From: proff () suburbia net (Julian Assange)
Date: Fri, 17 Jan 1997 18:51:35 +1100


If I recall, and I could be wrong here, the stack is marked as
non-executable on that platform, and as a result, the system won't
execute code placed there.

Don't quote me on that though.

dreamer

This is the case. The heap however is a different story.  DEC's
design policy left exec bits on for the heap and various library
statics as a legacy for interactive dynamically compiled languages.
As such the architecture still suffers from buffer overruns,
but requires a two-pronged attack; PC adjustment via the stack to
code on the heap. There are other not insurmountable difficulties
with exploiting OSF code - this generally relates to the delayed
binding of the dynamic library system.

Cheers,
Julian <proff () iq org>


