lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031021001927.GB69083@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: No Subject (re: openssh exploit code?)

Hi,

Maybe I missed something here...

I'm an assembler jockey from BITD and I know a few things about alloc/
calloc/malloc and heaps and stacks etc. So what's the key, may I ask, 
to this heap exploit that was the origin of this thread?

Heap, as you know, is memory from which blocks are dynamically
allocated. Ideally (although not always actually) heap memory is
allocated, used, freed, and possibly reused or else the OS gets it
back and can provide it to another process. Now, in many cases that
memory does not get scrubbed from one process to another, which is 
why people are urged to bcopy/memcpy() the allocated memory so that
it is transmuted into a known state. Technically no matter what code
you put in the heap space, unless the OS does something executable 
with it (and in privileged mode of course) there is nothing that user
space code can do that would elevate privileges. BTW, my understanding 
is that the mechanism works the same regardless of big/little endian,
and I've done it on IBM mainframes, VAXen, and Intel chips...

So, can one of you pls point me back at the message where the technical
part of this heap 'sploit is discussed?  Thanx.

G

On or about 2003.10.20 16:18:05 +0000, mitch_hurrison@...lip.com (mitch_hurrison@...lip.com) said:

> Hi Paul,
> 
> > So there's the 1% l33ts like you, and then there's the 99% of the 
> > human populace that has other things to do besides squirrel 
> > around with code. I get it.
> 
> How does my "squirreling around with code" all day bare relevance
> to the points I put forward? If anything you as an admin should
> be happy noone has been foolish enough to release an exploit
> en-masse no? I chose this life and I chose to commit myself
> to the research I do. I work hard at it and I don't think releasing
> exploit code is a justifiable action in this day and age. Then
> you come wobbling out of the woodwork to muster up some obscure
> insult about me being a "code monkey"? Very classy Paul. 

<SNIP>

-- 
Gregory A. Gilliss, CISSP                             Telephone: 1 650 872 2420
Computer Engineering                                   E-mail: greg@...liss.com
Computer Security                                                ICQ: 123710561
Software Development                          WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ