[3927] in bugtraq
Re: Smashing the stack on a DEC Alpha
daemon@ATHENA.MIT.EDU (Julian Assange)
Fri Jan 17 11:32:48 1997
Date: Fri, 17 Jan 1997 18:51:35 +1100
Reply-To: proff@suburbia.net
From: Julian Assange <proff@suburbia.net>
X-To: dreamer@garrison.inetcan.net
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.970116173704.28564B-100000@garrison.inetcan.net>
from Digital Dreamer at "Jan 16, 97 05:37:55 pm"
> If I recall, and I could be wrong here, the stack is marked as
> non-executable on that platform, and as a result, the system won't
> execute code placed there.
>
> Don't quote me on that though.
>
> dreamer
This is the case. The heap however is a different story. DEC's
design policy left exec bits on for the heap and various library
statics as a legacy for interactive dynamically compiled languages.
As such the architecture still suffers from buffer overruns,
but requires a two-pronged attack; PC adjustment via the stack to
code on the heap. There are other, not insurmountable, difficulties
with exploiting OSF code - these generally relate to the delayed
binding of the dynamic library system.
Cheers,
Julian <proff@iq.org>
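The point of the thread is which memory regions carry the exec bit: the stack does not, the heap does. As an added example that is not part of the original BUGTRAQ exchange, the script below audits a Linux `/proc/<pid>/maps` listing (a different platform from the Alpha/OSF system discussed, used here because its format is documented and stable) and reports whether the `[heap]` and `[stack]` regions are executable, plus any region that is both writable and executable. The listing is constructed sample data, not captured from a real host.

```python
"""Audit a /proc/<pid>/maps listing for executable heap/stack regions.

Added example, not from the original thread.  It answers on Linux the
question the thread raises about Alpha/OSF: which regions carry the exec bit.
"""
import re
from typing import Dict, List

# Constructed sample in /proc/<pid>/maps layout (not a real capture).
# Note the heap is rwx while the stack is rw- only.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00600000-00601000 rw-p 00000000 08:01 1234 /usr/bin/demo
01000000-01021000 rwxp 00000000 00:00 0 [heap]
7ffff7dd0000-7ffff7df0000 r-xp 00000000 08:01 5678 /lib/ld.so
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [pathname]
_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text: str) -> List[Dict]:
    """Parse maps-format text into a list of region dicts."""
    regions = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        start, end, perms, name = m.groups()
        regions.append({
            "start": int(start, 16),
            "end": int(end, 16),
            "perms": perms,
            "name": name or "[anon]",
        })
    return regions


def region_exec_state(regions: List[Dict]) -> Dict[str, bool]:
    """Return {'[heap]': bool, '[stack]': bool} for the well-known regions."""
    return {r["name"]: "x" in r["perms"]
            for r in regions if r["name"] in ("[heap]", "[stack]")}


def writable_executable(regions: List[Dict]) -> List[Dict]:
    """Regions that violate W^X: both writable and executable."""
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]


if __name__ == "__main__":
    regs = parse_maps(SAMPLE_MAPS)
    print(region_exec_state(regs))          # {'[heap]': True, '[stack]': False}
    for r in writable_executable(regs):
        print(f"W+X region: {r['name']} {r['start']:#x}-{r['end']:#x}")
```

To audit a live process, replace `SAMPLE_MAPS` with the contents of `/proc/<pid>/maps`; the parser skips lines it cannot match.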