淘客熙熙

主题:一篇讲memory overflow导致被攻击的文章 -- yueyu

共:💬64 🌺34
全看分页树展 · 主题
家园 一篇讲memory overflow导致被攻击的文章

这篇paper很有趣,也很有用。

扪心自问,我们几个人真正考虑代码的安全性了?有几个人的代码经得起安全专家的推敲的?

我记得以前看关于secure codes方面的paper,一边看,一边流冷汗。我觉得自己已经够nerd的了,但山外有山

http://insecure.org/sploits/non-executable.stack.problems.html

哪位同学有空,可以翻译出来以饷同好

http://insecure.org/sploits/non-executable.stack.problems.html

Defeating Solar Designer's Non-executable Stack Patch

Summary

Description: A very interesting paper on defeating non-executable stack patches. It goes through the steps needed to exploit the XServer <LONGDISPLAY> hole in Linux even with a non-execute patch.

Author: Rafal Wojtczuk <[email protected]>

Compromise: root (local)

Vulnerable Systems: This just shows (as Solar Designer is well aware) that in some cases the non-executable stack patch can be subverted via sneaky techniques.

Date: 30 January 1998

Notes: Solar Designer's respons is in the addendum.

Details

Date: Fri, 30 Jan 1998 18:09:35 +0100

From: Rafal Wojtczuk <[email protected]>

To: [email protected]

Subject: Defeating Solar Designer non-executable stack patch

-=[ Defeating Solar Designer's Non-executable Stack Patch ]=-

Text and souce code written by Rafal Wojtczuk ( [email protected] )

Section I. Preface

The patch mentioned in the title has been with us for some time. No doubt it

stops attackers from using hackish scripts; it is even included in

just-released Phrack 52 as a mean to harden your Linux kernel. However, it

seems to me there exist at least two generic ways to bypass this patch fairly

easily ( I mean its part that deals with executable stack ). I will explain

the details around section V.

Before continuing, I suggest to refresh in your memory excellent

Designer's article about return-into-libc exploits. You can find it at

http://www.geek-girl.com/bugtraq/1997_3/0281.html

"I recommend that you read the entire message even if you aren't

running Linux since a lot of the things described here are

applicable to other systems as well."

from the afore-mentioned Solar Designer's article

更多的,大家有兴趣,我们再仔细讨论。

iphone就是这么被破解滴


本帖一共被 1 帖 引用 (帖内工具实现)
全看分页树展 · 主题


有趣有益,互惠互利;开阔视野,博采众长。
虚拟的网络,真实的人。天南地北客,相逢皆朋友

Copyright © cchere 西西河