Subject: Re: BitchX /ignore bug
From: Benjamin Karas (bjk4 PO.CWRU.EDU)
Date: Wed Jul 05 2000 - 09:45:22 CDT
On Tue, 4 Jul 2000, Stephen J. Friedl wrote:
> Except on the most unbelievably bizarre platforms, these parameters are
> generally passed on the stack in the usual order for that architecture. On
> the Intel machines, for instance, the params are pushed right to left and
> the stack grows down. Other architectures can and do either of these
> differently.
I just wanted to point out that the PowerPC is one of the unbelievably bizarre
platforms -- it passes parameters in registers. I've also seen some pretty
strange stuff on OpenBSD with parameter passing.
For those who are curious, exploiting a PowerPC program can be a bit more
difficult than an x86 program. First, PPC code is optimized such that frames
are 32 *byte* aligned. I've been told this is because of how the PPC cache
works. Furthermore, strings and stuff are 4 byte aligned. This all means
that there are often unused bytes on the stack. This means strings might not
be adjacent on the stack, which eliminates the attacks described in Phrack 56,
article 0x0e.
Another difficulty is that a lot of opcodes in PPC assembly contain zeros in
them (each is 4 bytes long).
I just wanted to point these things out. Running a server on PPC hardware
might be slightly more secure than Intel simply from an obscurity standpoint.
-Ben Karas