Vulnerability Development
mailing list archives
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Gerardo Richarte <gera () corest com>
Date: Wed, 07 Jan 2004 18:52:13 -0300
Alex Schütz wrote:
Thinking this farther, we are going to force the exploit developer to
bring along his own binary code of /bin/bash. This may not be possible
in every case, since the buffer overflow cannot hold so much data.
Embedding more than an 'execve("/bin/sh")' as egg is not an oh so crazy idea; take a look at, for example:
- Syscall Proxying
http://www1.corest.com/common/showdoc.php?idx=259&idxseccion=11
- grugq's excellent Userland Exec
http://www.securityfocus.com/archive/1/348638/2003-12-28/2004-01-03/0
- InlineEgg
http://oss.corest.com/projects/inlineegg.html
http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html
- ShellForge
www.secdev.org/shellforge.html
- MOSDEF
http://www.immunitysec.com/MOSDEF/
And quite a few other similar things and projects I know some other people are working on.
So, as usual with too simple security protections, it's good to do it, unless you are going to believe that
you are ANY safer by doing it. So, in short... why do it if after doing so you can't feel safer?
gera