Vulnerability Development mailing list archives
solaris gdb screen mayhem
From: ant () notatla demon co uk (Antonomasia)
Date: Wed, 29 Aug 2001 22:51:52 +0100 (BST)
I've been attempting a white-hat "exploit" to run some demo code on the stack on Solaris. The aim is to show whether the non-executable stack is in force (and the /etc/system file may not be a reliable guide to this if modified since last boot or something). So ideally I'd take a Solaris/sparc shellcode and modify "sh" to "id" and plant this in a program that deliberately overflows itself. And this will be run on various machines periodically. My problems arise when: Having got "execution" of the illegal string "AAAAAAAA" I replace it with downloaded shellcode and this disturbs the exploit so it needs some adjustment. I get a core dump from either SEGV or BUS and in trying to find the program state with gdb it throws garbage over the screen and is not recovered by "stty sane" or "reset". I suppose I could wrap gdb in perl and allow only filtered chars to my terminal. What do other people do about this ? Execution on a non-executable stack gets a SEGV. Is there a way the program can distinguish this from any other SEGV ? Self-choosing values for portability is likely to be a future puzzle if this is overcome. -- ############################################################## # Antonomasia ant notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################
Current thread:
- solaris gdb screen mayhem Antonomasia (Aug 29)
- Re: solaris gdb screen mayhem corecode (Aug 30)
- Re: solaris gdb screen mayhem Dave Aitel (Aug 30)
- Re: solaris gdb screen mayhem wwieser (Aug 31)