Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer)

[Peter Busser]

On Wednesday 02 February 2005 23:08, pageexec@xxxxxxxxxxx wrote:
> > and how do you force a program to call that function and then to execute
> > your shellcode? In other words: i challenge you to show a working
> > (simulated) exploit on Fedora (on the latest fc4 devel version, etc.)
> > that does that.

Ingo is assuming a best-case scenario here. Assumptions are the mother of all 
fuckups. This discussion does not address issues which arise when:

- You compile code with different compilers (say, OCaml, tcc, Intel Compiler, 
or whatever)
- What happens when you run existing commercial applications which have not 
been compiled using GCC.
- What happens when you mix GCC compiled code with other code (e.g. a 
commercial Motif library).
- What happens when you link libraries compiled with older GCC versions?
- And so on and so forth.

It can be fun to dive into a low-level details discussion. But unless you 
solved the higher level issues, the whole discussion is just a waste of time. 
And these higher level issues won't be fixed unless people start to properly 
address worst-case behaviour, like any sensible engineer would do.

> i don't have any Fedora but i think i know roughly what you're doing,
> if some of the stuff below wouldn't work, let me know.

You've tried to educate these people before. You're wasting your time and 
talent. I think you should ask for a handsome payment when these people want 
to enjoy the privilege of being properly educated by someone who knows what 
he's talking about.

Groetjes,
Peter.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/