Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

David S. Miller (linker@z.ml.org)
Tue, 4 Aug 1998 18:26:51 -0400 (EDT)


On Wed, 5 Aug 1998, Geert Uytterhoeven wrote:

> On Tue, 4 Aug 1998 linker@z.ml.org wrote:
> > As for changing the address to someplace in libc, couldn't we relocate
> > all libs so that they have a null byte in their address?
>
> What are you trying to achieve with this? Sorry, I don't get it.
>
> Greetings,
>
> Geert

Okay, what the attacker does is something like

[buffer.......][returnaddress]

Fill^^^^^^^^^^^place address of function in libc of something bad.

The copy routines that people exploit copy null-terminated strings. So the
exploiter must make their exploit code void of null characters, because
sending one will stop the copy. If you make it tougher to form a pointer
to those 'bad' functions without using null characters then it makes their
job harder.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
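The mitigation idea in the message above can be checked directly: a NUL-terminated copy such as strcpy() stops at the first 0x00 byte, so a pointer whose little-endian encoding contains a zero byte is only partially delivered. The following is an added example, not code from the original thread or from the kernel; it assumes 32-bit little-endian pointers (the x86 layout of the period) and uses constructed sample addresses rather than real libc addresses.

```c
/* Added example (not part of the original mailing-list thread).
 * Models why an address containing a 0x00 byte cannot be delivered intact
 * through a NUL-terminated string copy. Assumption: 32-bit little-endian
 * pointers, as on x86 at the time of the discussion. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BYTES 4  /* assumption: 32-bit pointers */

/* Encode a 32-bit address into buf in little-endian byte order. */
static void addr_to_bytes(uint32_t addr, unsigned char buf[ADDR_BYTES])
{
    for (int i = 0; i < ADDR_BYTES; i++)
        buf[i] = (unsigned char)(addr >> (8 * i));
}

/* Returns 1 if any byte of the encoded address is zero, meaning a
 * NUL-terminated copy would truncate before the whole pointer is written. */
int addr_has_null_byte(uint32_t addr)
{
    unsigned char b[ADDR_BYTES];
    addr_to_bytes(addr, b);
    for (int i = 0; i < ADDR_BYTES; i++)
        if (b[i] == 0)
            return 1;
    return 0;
}

/* Builds a constructed record shaped like the diagram in the message:
 * `fill` bytes of 'A' followed by the encoded address and a terminator,
 * copies it with the real strcpy(), and returns how many of the ADDR_BYTES
 * address bytes actually arrived in the destination (0..ADDR_BYTES). */
size_t addr_bytes_surviving_copy(uint32_t addr, size_t fill)
{
    unsigned char src[64];
    unsigned char dst[64];

    if (fill > sizeof src - ADDR_BYTES - 1)
        fill = sizeof src - ADDR_BYTES - 1;

    memset(src, 'A', fill);               /* non-NUL filler */
    addr_to_bytes(addr, src + fill);      /* address right after the filler */
    src[fill + ADDR_BYTES] = 0;           /* terminator for a well-formed string */

    memset(dst, 0, sizeof dst);
    strcpy((char *)dst, (const char *)src);   /* stops at the first NUL */

    size_t delivered = strlen((const char *)dst);
    return delivered > fill ? delivered - fill : 0;
}

int main(void)
{
    /* Constructed sample addresses; none of these is a real libc address. */
    uint32_t samples[] = { 0x40123456u, 0x40001234u, 0x08048000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("0x%08x: contains NUL byte = %d, address bytes delivered = %zu/%d\n",
               samples[i], addr_has_null_byte(samples[i]),
               addr_bytes_surviving_copy(samples[i], 16), ADDR_BYTES);
    }
    return 0;
}
```

Run as is, the program shows that 0x40123456 (no zero byte) is delivered in full, 0x40001234 (zero in the third byte) is cut to two bytes, and 0x08048000 (zero in the low byte) is not delivered at all; a library mapped so that every function address carries such a byte is correspondingly harder to reach through strcpy()-style copies, which is exactly the effect the message argues for.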