Date: Sat, 22 Jan 2005 01:33:05 +0200
From: Michael Shigorin
To: community-en@altlinux.org
Subject: Re: [Comm-en] System call via buffer overflow not working
Message-ID: <20050121233305.GP1188@osdn.org.ua>

On Fri, Jan 21, 2005 at 05:32:42PM -0500, Aaron McDonald wrote:
> Linux Magazine has a buffer overflow article in the February
> 2005 issue. I enjoyed the article because I'd never read much
> about how to compromise a system using a buffer overflow
> strategy. I attempted to run two of the buffer overflow
> examples on my ALT Linux Sisyphus (20041129) box but found that
> the examples didn't work.

Ouch! :)

> I tried the examples on my Slackware 9.1 box (2.4 kernel) and
> everything worked!

Wonders.

> This second strategy involves storing a command in an
> environment variable and then passing this parameter to the
> system() function via a buffer overflow. In my case, the
> system() function is being called but it fails to execute the
> specified command.

I know that ALT's glibc has some hardening and sanitizing patches
-- you may want to grab src.rpm and examine them.

> I've included all the details below if anyone cares to look
> into this. I'm not dying to know the answer but it'd be cool to
> know what's going on here.

Not sure whether it's proper but if you're positively interested
it may be worth asking security@.

-- 
 ---- WBR, Michael Shigorin
  ------ Linux.Kiev http://www.linux.kiev.ua/