lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <14482.1234884921@turing-police.cc.vt.edu>
Date: Tue, 17 Feb 2009 10:35:21 -0500
From: Valdis.Kletnieks@...edu
To: Jubei Trippataka <vpn.1.fanatic@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Exploiting buffer overflows via protected GCC

On Tue, 17 Feb 2009 12:19:07 +1100, Jubei Trippataka said:

> > > memset(buf, 'A', 528);

That's where the original poster is starting from...

> You commenting on exploitation is kind of like asking a deaf person what
> their favorite song is. You obviously have no clue what you are talking
> about due to the fact you offered absolutely no insight in to the protection
> mechanism he was asking about, nor potential means of exploitation. Given
> this the real question remains, do you actually believe you have any clue
> about this stuff, or are you like Wallace and just want to post useless
> shit?

Given the starting point, do you *really* think the original poster would
have understood an in-depth explanation of all the technical details, rather
than some hints as to the next thing he needs to learn about?  He's not going
to get anywhere until he learns at least that there's that canary on the
stack, and where it is in relation to the various variables and things like
the return address.

After that, yes, he faces *other* challenges.  But he'll learn more by thinking
through each issue on his own than if somebody hands him the whole enchilada.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ