On Mon, 2004-11-08 at 10:15, Walden H. Leverich wrote:
> Rich,
>
> You make an assumption that admin_flag1 is immediately following buffer
> in memory. It's more likely that admin_flag1 is on the next 8 or 16-byte
> boundary, and I think it could be just about anywhere. Data structures
> must be laid out sequentially, stand alone fields are fair game.
>
> Having said that, make your attempt more aggressive! Try setting
> memory=baddata where baddata is a 65,000 byte field. That's sure to mess
> stuff up!

Right, I'm sure that I can totally hose the static storage area of the
program, but that's not the goal. The goal is to see whether or not an
attacker could, without crashing the program, gain some kind of control
over it. According to the last message from Bruce, it seems that it would
take an extraordinary effort to do so, though it does remain at least
possible, given the right circumstances.

--
Regards,
Rich

Current Conditions in Des Moines, IA
Broken Clouds
Temp 42.8F
Winds out of the Southwest at 9mph
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].