Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Gerardo Richarte (gera at corest.com)
Date: Wed Jan 07 2004 - 15:52:13 CST
Alex Schütz wrote:
>
> Thinking this farther, we are going to force the exploit developer to
> bring along his own binary code of /bin/bash. This may not be possible
> in every case, since the buffer overflow cannot hold so much data.
Embedding more than an 'execve("/bin/sh")' as egg is not an oh-so-crazy idea; take a look at, for example:
- Syscall Proxying
http://www1.corest.com/common/showdoc.php?idx=259&idxseccion=11
- grugq's excellent Userland Exec
http://www.securityfocus.com/archive/1/348638/2003-12-28/2004-01-03/0
- InlineEgg
http://oss.corest.com/projects/inlineegg.html
http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html
- ShellForge
www.secdev.org/shellforge.html
- MOSDEF
http://www.immunitysec.com/MOSDEF/
And quite a few other similar things and projects I know some other people are working on.
So, as usual with too simple security protections, it's good to do it, unless you are going to believe that you are ANY safer by doing it. So, in short... why do it if after doing so you can't feel safer?
gera