|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Solaris 7 x86 lpset exploit.
From: Peter da Silva (peter
GRENDEL.ENG.BAILEYNM.COM)Date: Mon May 01 2000 - 10:59:00 CDT
- Next message: Valdis.KletnieksVT.EDU: "Re: aaa_base still vulnerable after upgrade"
- Previous message: deepquestNETSCAPE.NET: "INFO:AppleShare IP 6.3.2 squashes security bug"
- Next in thread: der Mouse: "Re: Solaris 7 x86 lpset exploit."
- Maybe reply: Peter da Silva: "Re: Solaris 7 x86 lpset exploit."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In article <200004291624.MAA19828twig.rodents.montreal.qc.ca>,
der Mouse <mouseRODENTS.MONTREAL.QC.CA> wrote:
> data around. Another possible way around it would be to cause gcc to
> keep part of the stack in the data segment, out of what the kernel
> thinks of as the stack, and have it do its trampolines there. This
> runs into big problems with setjmp and other nonlocal exits, and
> possibly with signal handlers as well.)
You could handle that by having a frame pointer on the processor stack
point into the function's executable stack frame (if it has one) on the
trampoline stack, rather than having a permanent stack pointer into this
space. I don't think there would be any issues with this, unless you're
trying to use setjmp/longjmp for coroutines or something perverse like
that.
- Next message: Valdis.KletnieksVT.EDU: "Re: aaa_base still vulnerable after upgrade"
- Previous message: deepquestNETSCAPE.NET: "INFO:AppleShare IP 6.3.2 squashes security bug"
- Next in thread: der Mouse: "Re: Solaris 7 x86 lpset exploit."
- Maybe reply: Peter da Silva: "Re: Solaris 7 x86 lpset exploit."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]