Dailydave mailing list archives
Re: re: PaX PoC-exploit.
From: Sinan Eren <sinan.eren () immunitysec com>
Date: Thu, 6 May 2004 13:42:32 -0400 (EDT)
i am happy that Joel came up with that unnecessary and much pointless poc code, here you GO! we end up learning something of this novel and smart:

"""
pageexec () freemail hu wrote:
as i said, only for the trivial case (/lib/ld-linux.so.2 /mnt/nonexec/app), you can still construct a special ELF without executable PT_LOAD segments that would overlap the stack and do a ret2libc to mprotect then execute itself - that was the PoC i was referring to (and that's what won't work under PaX).
"""

this is a real cool technique!

thanks,
-sinan