
Re: looking for recursion stack overflow exploit

From: <Valdis.Kletnieks(at)vt.edu>
Date: Fri Nov 22 2002 - 09:34:49 EST

On Wed, 20 Nov 2002 07:27:21 EST, bukys@cs.rochester.edu said:
> While a recursion-induced stack overflow can obviously lead to a

The only possibility I can see here is if you can find some way to subvert the "stack size exceeded" error handler when the recursion finally runs out of stack. However, it's probably not productive, since most programs don't include recursive code to start with, and if you are able to subvert an error handler, it's a lot faster/easier to hijack whatever your system's moral equivalent of the Unix SIGSEGV is, and then reference non-existent memory and exploit quickly.

On the other hand, the Unix libc usually contains the qsort() and ftw() routines, which might be interesting. ftw() is prone to race conditions, and it *might* be possible to feed qsort() a specially crafted array of values that would give it indigestion at an inconvenient time (the place to start would probably be an out-of-memory condition in the compare() function passed to qsort()).

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Received on Sat Nov 23 14:24:45 2002
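The "stack size exceeded" error handler Valdis refers to, and the depth check a practitioner would add instead of relying on it, as an added example (not code from this thread): a constructed nested-bracket grammar is parsed by recursive descent, so the nesting depth of untrusted input decides how many stack frames get pushed. The unbounded parser is run on pathological input under a SIGSEGV handler installed on an alternate signal stack with sigaltstack(), which is the only place such a handler can run once the main stack is gone; the bounded version refuses input deeper than MAX_NEST before recursing. The grammar, MAX_NEST and the function names are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed grammar for this example: group := '(' group* ')'.
 * Each '(' costs one stack frame in a recursive-descent parser, so the
 * nesting depth of untrusted input is the attacker's choice of stack use. */

enum parse_result {
    PARSE_OK = 0,
    PARSE_SYNTAX = -1,
    PARSE_TOO_DEEP = -2,
    PARSE_STACK_EXHAUSTED = -3
};

/* Unbounded version: recursion depth equals nesting depth; nothing stops
 * it short of the process stack limit. */
static int group_unbounded(const char **p) {
    if (**p != '(') return PARSE_SYNTAX;
    (*p)++;
    while (**p == '(') {
        int r = group_unbounded(p);
        if (r != PARSE_OK) return r;
    }
    if (**p != ')') return PARSE_SYNTAX;
    (*p)++;
    return PARSE_OK;
}

/* Hardened version. MAX_NEST is a hypothetical limit chosen for this
 * example; a real parser derives it from what the grammar legitimately needs. */
#define MAX_NEST 64

static int group_bounded(const char **p, int depth) {
    if (depth > MAX_NEST) return PARSE_TOO_DEEP;   /* refuse before pushing another frame */
    if (**p != '(') return PARSE_SYNTAX;
    (*p)++;
    while (**p == '(') {
        int r = group_bounded(p, depth + 1);
        if (r != PARSE_OK) return r;
    }
    if (**p != ')') return PARSE_SYNTAX;
    (*p)++;
    return PARSE_OK;
}

int parse_bounded(const char *s) {
    const char *p = s;
    int r = group_bounded(&p, 1);
    if (r != PARSE_OK) return r;
    return *p == '\0' ? PARSE_OK : PARSE_SYNTAX;
}

/* Builds n nested groups "((...))" as constructed input. Caller frees. */
char *make_nested(size_t n) {
    char *s = malloc(2 * n + 1);
    if (!s) abort();
    memset(s, '(', n);
    memset(s + n, ')', n);
    s[2 * n] = '\0';
    return s;
}

/* The "stack size exceeded" handler: SIGSEGV is caught on an alternate
 * signal stack (the main stack is exhausted, so the handler cannot run
 * there) and unwound with siglongjmp. This recovery path is the code an
 * attacker would have to subvert; it is also why catching the fault is no
 * substitute for the depth check above. */
static sigjmp_buf overflow_env;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(overflow_env, 1);   /* common practice, though not strictly async-signal-safe */
}

int parse_unbounded_guarded(const char *s) {
    static char altstack[1 << 16];   /* 64 KiB: ample for the handler's own frames */
    stack_t ss = { .ss_sp = altstack, .ss_size = sizeof altstack, .ss_flags = 0 };
    struct sigaction sa, old;
    int r;

    sigaltstack(&ss, NULL);
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sa.sa_flags = SA_ONSTACK;        /* without this the handler would fault too */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    if (sigsetjmp(overflow_env, 1) == 0) {
        const char *p = s;
        r = group_unbounded(&p);
        if (r == PARSE_OK && *p != '\0') r = PARSE_SYNTAX;
    } else {
        r = PARSE_STACK_EXHAUSTED;   /* reached only via on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);
    return r;
}

int main(void) {
    char *deep = make_nested((size_t)1 << 22);   /* ~4M levels: beyond any default stack */
    printf("bounded:   %d\n", parse_bounded(deep));            /* PARSE_TOO_DEEP */
    printf("unbounded: %d\n", parse_unbounded_guarded(deep));  /* PARSE_STACK_EXHAUSTED */
    free(deep);
    return 0;
}
```

The bounded parser fails closed in a few dozen frames regardless of input length; the guarded unbounded one only finds out after the stack is gone, in a handler that must run on memory set aside in advance and that can unwind only because sigsetjmp() saved a return point.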

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

