> > What are you trying to achieve with this? Sorry, I don't get it.
> Okay, what an attacker does is something like
>
> [buffer.......][returnaddress]
>
> Fill^^^^^^^^^^^place address of function in libc of something bad.
>
> The copy routines that people exploit copy null terminated strings. So the
> exploiter must make their exploit code void of null characters, because
> sending one will stop the copy. If you make it tougher to form a pointer
> to those 'bad' functions without using null characters then it makes their
> job harder.
The job of exploiting it to get a shell gets harder, the job of just
crashing the affected application (which probably is very bad in itself)
stays just the same... and the application is just as broken as before.
Why bother?
--
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513
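The null-byte constraint the quoted post describes, as an added illustration that is not code from this thread: a strcpy-style copy delivers bytes only up to the first NUL, so a 32-bit little-endian address survives such a copy only if it contains no zero byte, or if its single zero byte is the one stored last (which the terminator itself writes). The sample addresses are constructed and do not correspond to any real libc layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes a strcpy-style copy actually delivers from src: everything up to
 * and including the first NUL (the terminator is written as well). */
size_t nul_copy_delivered(const unsigned char *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (src[i] == 0)
            return i + 1;
    return len;             /* no NUL in range: the whole buffer is copied */
}

/* Can a 32-bit little-endian address be written in full by such a copy?
 * Only if it has no zero byte, or its one zero byte is the high byte
 * (stored last), which the terminating NUL can supply. A zero in any of
 * the three lower bytes stops the copy before the address is complete. */
int addr32_writable_by_nul_copy(uint32_t addr)
{
    unsigned char le[4];
    for (int i = 0; i < 4; i++)
        le[i] = (unsigned char)((addr >> (8 * i)) & 0xff);
    for (int i = 0; i < 3; i++)
        if (le[i] == 0)
            return 0;       /* embedded zero truncates the copy */
    return 1;               /* le[3] may be zero: the terminator writes it */
}

int main(void)
{
    /* constructed sample addresses, not taken from any real libc layout */
    uint32_t samples[] = { 0x40011234u, 0x00401234u, 0x40001234u };
    for (size_t i = 0; i < 3; i++)
        printf("0x%08x: %s\n", samples[i],
               addr32_writable_by_nul_copy(samples[i]) ? "copied whole"
                                                         : "truncated by NUL");
    return 0;
}
```

The second sample shows why a leading zero byte alone only raises the bar, as von Brand notes: the terminator can still supply that byte, but nothing after the address can be delivered by the same copy.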