| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 13 21:16:01 2005 From: pageexec at freemail.hu (pageexec@...email.hu) Subject: linux bugs (survival stories)? > On Wed, 13 Apr 2005 17:51:17 BST, pageexec@...email.hu said: > > > Although it's still possible to do the whole mmap()/mprotect() thing to > > > *still* get an executable, I'd classify it as "some thought and skill > > > required" as opposed to "type this command line". It's not almost-impossible, > > > but I'd rate it a notch above "trivial".... > > > > you mean, until someone writes a tool that automates the whole > > process to become as simple as "type this command line"? > > Straw man, as *EVERY* exploit is that same way. :) what are you talking about? do you agree that automating the ret2libc/mprotect exploit method puts it at the same level of easyness (read: triviality) as running ld-linux.so or not? it's hard to deduce from your response.
Powered by blists - more mailing lists