On Fri, 2006-08-18 at 17:59 +0000, Jules Richardson wrote:
> As an aside: I've never quite understood these OS image vulnerabilities.
> Doesn't any modern OS provide sufficient protection such that a process can't
> just stomp all over memory at random? Unless the problem is just a Windows
> thing...
No, it's more than just a Windows thing.
Most of the vulnerabilities I've read about (and understood) have been
of the "trash the stack" sort.
You hand off a specially crafted input source (be it an image, an HTTP
post, or even a command-line argument).
That triggers some boundary condition in the routine which replaces the
proper return address on the machine stack w/ your own specified
address. (Which is usually the address of some machine code you
embedded in your input source.)
Upon return from the routine, the process goes to your code, which does
whatever...
I've seen them work. The really interesting ones are somewhat difficult
to come up with, but far from impossible.
David
> cheers
> J.
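The "boundary condition" David describes is, in the classic case, a parser that trusts a length field taken from the input and copies that many bytes into a fixed-size stack buffer. The following is an added example, not code from either poster: a toy record format (one length byte followed by that many name bytes, constructed for this illustration and not any real image format) parsed first by the unchecked routine that has the defect, then by the checked routine that rejects the record before any byte is copied. The record layout, the `NAME_MAX` size and the sample records are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* size of the fixed stack buffer (assumed for the example) */

/* Constructed sample records for the toy format: first byte is a length,
 * followed by that many name bytes. Not taken from any real file. */
static const uint8_t VALID_RECORD[]     = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t OVERSIZED_RECORD[] = { 200, 'A', 'A', 'A', 'A' }; /* claims 200 bytes */
static const uint8_t TRUNCATED_RECORD[] = { 3, 'a' };                  /* claims 3, supplies 1 */

/* The defective form: the length byte comes from the input and is never
 * compared against sizeof name, so a length >= NAME_MAX writes past the
 * local array into whatever the compiler placed above it on the stack
 * (on many ABIs that includes the saved return address). Shown only to
 * make the missing check visible; never feed it untrusted data. */
int read_name_unchecked(const uint8_t *buf, size_t buflen, char out[NAME_MAX])
{
    char name[NAME_MAX];
    if (buflen < 1)
        return -1;
    size_t len = buf[0];          /* attacker-controlled, unchecked */
    memcpy(name, buf + 1, len);   /* overflows name[] when len >= NAME_MAX */
    name[len] = '\0';
    strcpy(out, name);
    return 0;
}

/* The corrected form: every quantity derived from the input is validated
 * against both the destination size and the bytes actually supplied
 * before a single byte is copied. Return codes: 0 ok, -1 empty input,
 * -2 name would not fit (with terminator), -3 record shorter than claimed. */
int read_name_checked(const uint8_t *buf, size_t buflen, char out[NAME_MAX])
{
    if (buflen < 1)
        return -1;
    size_t len = buf[0];
    if (len >= NAME_MAX)          /* leaves room for the terminating NUL */
        return -2;
    if (len > buflen - 1)         /* length field exceeds what was supplied */
        return -3;
    memcpy(out, buf + 1, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char out[NAME_MAX];
    int rc;

    rc = read_name_checked(VALID_RECORD, sizeof VALID_RECORD, out);
    printf("valid record:     rc=%d name=\"%s\"\n", rc, rc == 0 ? out : "");

    rc = read_name_checked(OVERSIZED_RECORD, sizeof OVERSIZED_RECORD, out);
    printf("oversized record: rc=%d (rejected before any copy)\n", rc);

    rc = read_name_checked(TRUNCATED_RECORD, sizeof TRUNCATED_RECORD, out);
    printf("truncated record: rc=%d (rejected before any copy)\n", rc);
    return 0;
}
```

The difference between the two routines is two comparisons, which is why this class of bug was so common: the happy path behaves identically, and only a record that lies about its own length distinguishes them. Modern mitigations (stack canaries, non-executable stacks, ASLR) raise the cost of turning the unchecked version into the "process goes to your code" outcome David describes, but they do not remove the memory corruption itself; the bounds check does.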