Dailydave: Re: re: PaX PoC-exploit.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: re: PaX PoC-exploit.

From: Sinan Eren <sinan.eren () immunitysec com>
Date: Thu, 6 May 2004 13:42:32 -0400 (EDT)


i am happy that Joel came up with that unnecessary and much pointless poc  
code, here you GO! we end up learning something of this novel and smart:
"""
pageexec () freemail hu wrote:

as i said, only for the trivial case (/lib/ld-linux.so.2 /mnt/nonexec/app),
you can still construct a special ELF without executable PT_LOAD segments
that would overlap the stack and do a ret2libc to mprotect then execute
itself - that was the PoC i was referring to (and that's what won't work
under PaX).

"""

this is a real cool technique!

thanks,
-sinan
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

re: PaX PoC-exploit., (continued)
- re: PaX PoC-exploit. pageexec (May 02)
  - Re: re: PaX PoC-exploit. Joel Eriksson (May 02)
    - Re: re: PaX PoC-exploit. pageexec (May 03)
    - Re: re: PaX PoC-exploit. Joel Eriksson (May 04)
    - Message not available
    - Re: re: PaX PoC-exploit. pageexec (May 04)
    - Re: re: PaX PoC-exploit. Sinan Eren (May 06)
    - Re: re: PaX PoC-exploit. Nahual (May 06)
    - Re: re: PaX PoC-exploit. Nenad Stojanovski (May 06)
    - Re: re: PaX PoC-exploit. Joel Eriksson (May 06)
    - Re: re: PaX PoC-exploit. ned (May 06)
    - Re: re: PaX PoC-exploit. Joel Eriksson (May 07)