Chuck Ebbert wrote:
>>There is another issue: x86 uses relative jumps, so although "ASCII
>>armor" addresses aren't easily accessible using return address smashes
>>(although the \0 at the end thing is a real issue), you may be able to
>>get to them through a jump instruction.
>
> Does the instruction-pointer-relative data addressing mode added by
> AMD64 make these exploits easier? Maybe someone should be working on a
> version of this patch for that platform...
>
No, they don't, not if your mode of exploit is hacking return addresses
on the stack.
AMD64 makes this pretty easy, *ALL* user-space addresses are in the
"ASCII armour" area, and it supports exec-off. Apparently this is
currently off by default, but Andi Kleen says that they have identified
the bug that caused it and they're making it available as a kernel option.
-hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed May 07 2003 - 22:00:20 EST