Bugtraq mailing list archives
Re: some PaX Q&A
From: der Mouse <mouse () RODENTS MONTREAL QC CA>
Date: Fri, 3 Nov 2000 17:48:57 -0500
> [PaX] reduces the ways [a buffer] overflow can be (ab)used by an attacker. namely, only already existing executable code (in the given task's address space) can be executed, but *NEVER* the payload (as long as no read/write/exec pages exist in the task, [...]).

What's to stop the attack from doing the bounce-off-libc trick to call mprotect() to make the relevant page RO and executable, then into the payload?

der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
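
The question above turns on whether the kernel lets a task switch a page that was mapped writable over to executable. As an added example (not part of the original mail and not PaX code), this C probe asks the running kernel that question through mprotect() alone, without executing anything on the page; `probe_transition`, `report` and the `WX_*` names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { WX_ERROR = -1, WX_DENIED = 0, WX_ALLOWED = 1 };

/* Hypothetical helper: map one anonymous page with map_prot, fill it with
 * placeholder bytes if writable, then ask the kernel to switch it to new_prot.
 * Nothing on the page is ever executed; only mprotect()'s answer is recorded. */
static int probe_transition(int map_prot, int new_prot, int *err)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) { *err = errno; return WX_ERROR; }

    void *p = mmap(NULL, (size_t)pagesz, map_prot,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { *err = errno; return WX_ERROR; }

    if (map_prot & PROT_WRITE)
        memset(p, 0xCC, (size_t)pagesz);   /* constructed stand-in for written data */

    int rc = mprotect(p, (size_t)pagesz, new_prot);
    *err = (rc == 0) ? 0 : errno;
    munmap(p, (size_t)pagesz);
    return rc == 0 ? WX_ALLOWED : WX_DENIED;
}

static void report(const char *label, int from, int to)
{
    int err = 0;
    int r = probe_transition(from, to, &err);
    printf("%-10s %s%s%s\n", label,
           r == WX_ALLOWED ? "allowed" : r == WX_DENIED ? "denied" : "probe failed",
           err ? ": " : "", err ? strerror(err) : "");
}

int main(void)
{
    const int RW = PROT_READ | PROT_WRITE;
    report("RW -> R",   RW, PROT_READ);               /* control: drops write only */
    report("RW -> RX",  RW, PROT_READ | PROT_EXEC);   /* the transition asked about */
    report("RW -> RWX", RW, RW | PROT_EXEC);
    return 0;
}
```

An "allowed" result on the RW -> RX line means the kernel's page-permission policy does not by itself block the transition the question describes.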