>>>>> "Isaac" == Isaac To <[EMAIL PROTECTED]> writes:
>>>>> "Paul" == Paul Morgan <[EMAIL PROTECTED]> writes:
Paul> With regard to your question 3, a buffer overflow exploit is
Paul> always a stack exploit and is designed to execute arbitrary code
Paul> with the called program's privilege.
Isaac> But this time it is an "integer overflow", not a "buffer
Isaac> overflow". The idea is that when brk() is called, the kernel
Isaac> forgot to check whether this will result in the memory map
Isaac> pasting the end of the address space used for the processes. The
Isaac> problem is that after pasting the end of the address space, it
Isaac> starts to be the kernel space, mapping all the physical memory of
Isaac> the computer directly. I.e., it includes all the memory of the
Isaac> kernel and also all the memory of all other processes. Once you
Isaac> get to this point, it just requires a little bit more imagination
Isaac> before you can write to all the memory of the computer directly,
Isaac> skipping all the protection mechanisms of the kernel.
All the "pasting" should really be "passing"... stupid me, non-native English
speaker...
Regards,
Isaac.
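As an added illustration of the class of bug Isaac describes (this is example code written for this page, not code from the thread or from the Linux kernel, and the address-space layout it assumes is a constructed 32-bit model with a hypothetical `USER_TOP` of 0xC0000000): a range check on a brk()-style extension that forms `start + len` before testing it can be satisfied by a wrapped sum, letting the mapping end computed by the caller extend past the user portion of the address space. The overflow-safe form tests the length against the remaining room instead of against the sum.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical upper bound of the user address space in a 32-bit model
 * (constructed for this example; a 3 GiB user / 1 GiB kernel split). */
#define USER_TOP 0xC0000000u

/* Naive check: computes the new end of the region first. With 32-bit
 * arithmetic the sum can wrap, so a huge len produces a small end and
 * the comparison passes even though the region would cross USER_TOP. */
bool brk_range_ok_naive(uint32_t start, uint32_t len)
{
    uint32_t end = (uint32_t)(start + len);   /* may wrap modulo 2^32 */
    return end <= USER_TOP;
}

/* Overflow-safe check: never forms the sum until it is known not to wrap.
 * start must lie in user space, and len must fit in the room that is left. */
bool brk_range_ok_safe(uint32_t start, uint32_t len)
{
    if (start > USER_TOP)
        return false;
    if (len > USER_TOP - start)               /* start + len would exceed USER_TOP */
        return false;
    return true;
}

/* Counts constructed cases where the naive and safe checks disagree, i.e.
 * where the naive check would have accepted a region crossing USER_TOP. */
int count_naive_misjudgements(void)
{
    /* Constructed (start, len) pairs for the 32-bit model above. */
    static const uint32_t cases[][2] = {
        { 0x08048000u, 0x00100000u },  /* ordinary small heap extension      */
        { 0xBFFF0000u, 0x00010000u },  /* ends exactly at USER_TOP: allowed   */
        { 0xBFFF0000u, 0x00020000u },  /* crosses USER_TOP without wrapping   */
        { 0xBFFF0000u, 0x40020000u },  /* sum wraps to 0x00010000: naive bug  */
        { 0xC0000000u, 0x00001000u },  /* start already at the boundary       */
    };
    int disagreements = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool naive = brk_range_ok_naive(cases[i][0], cases[i][1]);
        bool safe  = brk_range_ok_safe(cases[i][0], cases[i][1]);
        if (naive != safe)
            disagreements++;
    }
    return disagreements;
}

int main(void)
{
    printf("naive check wrongly accepts %d of the constructed cases\n",
           count_naive_misjudgements());
    return 0;
}
```

The one disagreement is the wrapped case: 0xBFFF0000 + 0x40020000 overflows to 0x00010000, which the naive check accepts as a region ending well inside user space. Checks of the form `if (addr + len > limit)` are worth auditing anywhere untrusted sizes reach kernel or privileged code; the safe form here is the usual replacement.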