Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: some PaX Q&A
From: der Mouse <mouse () RODENTS MONTREAL QC CA>
Date: Fri, 3 Nov 2000 17:48:57 -0500

[PaX] reduces the ways [a buffer] overflow can be (ab)used by an
attacker. namely, only already existing executable code (in the given
tasks's address space) can be executed, but *NEVER* the payload (as
long as no read/write/exec pages exist in the task, [...]).

What's to stop the attack from doing the bounce-off-libc trick to call
mprotect() to make the relevant page RO and executable, then into the
payload?

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


  By Date           By Thread  

Current thread:
  • some PaX Q&A PaX (Nov 03)
    • <Possible follow-ups>
    • Re: some PaX Q&A der Mouse (Nov 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]