Re: exploiting a binary if %edi can be overwritten?

On Mon, 23 Jun 2003 10:06:05 +0200, avel@gmx.ch said:
> hi community,

Although the context here is implied to be Linux on an x86 CPU, it's good to remember that there are other Unixoids that run on an x86 (the *BSD and Solaris/X86, right off the top of my head) which may have different linkage conventions, and that Linux runs on other processors that don't have a %edi register...

I've even seen one exploit that failed to work on a test box - because the exploit used a 686-only opcode to work around something (a no-NULLs requirement or similar), and the testbed was a 486... ;)

So a quick reminder - mention your system and processor, just to be sure.

For all Unixoid boxes, 'uname -a' should be specific enough:

% uname -a
Linux turing-police.cc.vt.edu 2.5.72-mm3-lsm1 #3 Sun Jun 22 13:10:38 EDT 2003 i686 i686 i386 GNU/Linux

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

(Yes, I'm a maniac.. and yes, I know .73 is out :)