SecurityFocus

"Moving" Stack: my poor return address! Aug 01 2006 02:03AM
Jack C (list-recv crepinc com) (4 replies)

Re: "Moving" Stack: my poor return address! Aug 02 2006 09:14AM
Alexander Klimov (alserkli inbox ru)

Re: "Moving" Stack: my poor return address! Aug 01 2006 11:51PM
Steve Bonds (kzzvt3302 sneakemail com)

Re: "Moving" Stack: my poor return address! Aug 01 2006 11:18PM
Andrea Purificato - bunker (bunker fastwebnet it)

Alle 04:03, martedì 1 agosto 2006, Jack C ha scritto:

> I'm running on Fedora 5. Is this a security thing that's new in the past
> 2 years or so since I've coded one of these? Is there any way I can
> either (1) make the stack sit still so I can point into it or (2) find
> out where it is during execution?

Hi,

in 2.6 kernel there is a new "feature" about pseudo stack randomization
through virtual addresses in memory.
Try to search on google "stack randomization" and similar and you get a lot of
useful information. There are different technics to bypass this security
feature, try to play with these:

http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl
http://rawlab.mindcreations.com/codes/exp/randstack/exp_jmp_rand.pl

Happy hacking!
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

[ reply ]

Re: "Moving" Stack: my poor return address! Aug 01 2006 11:00PM
Jon Erickson (matrix phiral com)