Bugtraq: Re: Solaris 7 x86 lpset exploit.

From: Peter da Silva <peter_at_GRENDEL.ENG.BAILEYNM.COM>
Date: Mon, 1 May 2000 10:59:00 -0500

In article <200004291624.MAA19828_at_twig.rodents.montreal.qc.ca>,
der Mouse <mouse_at_RODENTS.MONTREAL.QC.CA> wrote:
> data around. Another possible way around it would be to cause gcc to
> keep part of the stack in the data segment, out of what the kernel
> thinks of as the stack, and have it do its trampolines there. This
> runs into big problems with setjmp and other nonlocal exits, and
> possibly with signal handlers as well.)

You could handle that by having a frame pointer on the processor stack
point into the function's executable stack frame (if it has one) on the
trampoline stack, rather than having a permanent stack pointer into this
space. I don't think there would be any issues with this, unless you're
trying to use setjmp/longjmp for coroutines or something perverse like
that.
Received on May 02 2000
