format string exploit
fly_b747 at gmx.de
Tue Aug 8 08:32:47 PDT 2006
> Do any of you have gcc3 ssp to confirm this code is aborted
> with -fstack-protector-all, and drops to shell with
> This code has assembly, you need to pass -no-pie too. I clearly remember
> stopping using libsafe because ssp aborted all the same exploits libsafe
> would and more.
I have gcc-3.4.5 ssp, tried the exploit. The first tries have been
bailed out by my grsec kernel (which in general is a good thing but this
time was not intended ;-) ).
My second tries with a regular kernel just gave a segmentation fault, no
shell regardless of -fno-stack-protector or not. I will have a closer
look within the next 1 or two days, keep you updated.