FW: OT: broken/useless ansi - console driver??
Kenneth Brody
kenbrody at bestweb.net
Wed Oct 26 05:42:43 PDT 2005
Quoting Fairlight (Wed, 26 Oct 2005 00:39:06 -0400):
[... the "text file busy" issue ...]
> Actually, there is one thing I'm curious about. Ken and Jay would both
> likely know more than I would about the feasibility of this line of
> conjecture. Remember when I copied over the same binary on Solaris and
> it didn't break? Would it be possible to inject a modified binary the
> same size, but slightly modified so as to actually capture sensitive
> data or the like via the modifications? Or is it doomed to fail and
> crash if -any- byte in the file is different from the original image?
> I mean, just crashing something is one thing. If it became a security
> issue, that's entirely another.
I would expect that it would be the equivalent of writing to the code
segment. If you keep everything aligned where it is now, and inject
code in the right place, it would continue running. If/when the page
containing the modified code were swapped out (actually "discarded")
and swapped back in, the new code would be there to execute.
The problem is, a new version of the binary is likely to not have
everything at the same offset. So, when you swap the page back in,
rather than executing FunctionName(), you start executing it at
FunctionName()+Delta, causing "bad things"[tm] to happen.
--
KenBrody at BestWeb dot net spamtrap: <g8ymh8uf001 at sneakemail.com>
http://www.hvcomputer.com
http://www.fileProPlus.com
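The distinction Ken draws can be reproduced in user space without touching a running executable. The program below is an added example, not code from the thread or from any filePro product: it maps a small file read-only with MAP_SHARED (standing in for the kernel's file-backed text pages), then replaces the file two ways. An in-place overwrite of the same inode, same size, is what a plain copy does on a system that does not refuse with ETXTBSY; the existing mapping sees the new bytes, which is the case Ken describes where a re-faulted page carries the modified code. A temp-file-plus-rename(2) replacement creates a new inode, so the old mapping keeps the old bytes. The last helper shows the Linux "text file busy" refusal by opening the running program's own image for writing. The file names under /tmp and the sample contents are constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create or truncate `path` and write `len` bytes. Returns 0 on success, -1 on error. */
static int write_file(const char *path, const void *data, size_t len) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, len);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* In-place overwrite: same inode, same size. Models "cp new old" on a system
 * that lets the write through instead of failing with ETXTBSY. */
static int overwrite_in_place(const char *path, const void *data, size_t len) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = pwrite(fd, data, len, 0);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Replace via temp file + rename(2): `path` now names a new inode, so anything
 * still mapping the old inode keeps seeing the old bytes. */
static int replace_by_rename(const char *path, const void *data, size_t len) {
    char tmp[4096];
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    if (write_file(tmp, data, len) != 0) return -1;
    if (rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Write `before` to `path`, map it read-only (MAP_SHARED, like file-backed text
 * pages), apply `update` with `after`, and report what the existing mapping shows.
 * Returns 1 if the mapping now shows `after`, 0 if it still shows `before`,
 * -1 on error. `before` and `after` must be the same length, as in the thread. */
static int mapping_changed_after(const char *path,
                                 int (*update)(const char *, const void *, size_t),
                                 const char *before, const char *after) {
    size_t len = strlen(before);
    if (strlen(after) != len) return -1;
    if (write_file(path, before, len) != 0) return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    char *map = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (map == MAP_FAILED) return -1;
    int rc = update(path, after, len);
    int result = (rc != 0) ? -1 : (memcmp(map, after, len) == 0);
    munmap(map, len);
    unlink(path);
    return result;
}

/* Try to open `path` for writing; return errno on failure, 0 on success.
 * For the running program's own image (/proc/self/exe on Linux) this is the
 * "text file busy" (ETXTBSY) refusal the thread refers to. */
static int errno_opening_for_write(const char *path) {
    int fd = open(path, O_WRONLY);
    if (fd >= 0) { close(fd); return 0; }
    return errno;
}

int main(void) {
    /* Constructed sample contents: equal length, like a same-size patched binary. */
    const char *before = "ORIGINAL", *after = "MODIFIED";
    printf("in-place overwrite visible to existing mapping: %d\n",
           mapping_changed_after("/tmp/inplace_demo.bin", overwrite_in_place, before, after));
    printf("rename replacement visible to existing mapping: %d\n",
           mapping_changed_after("/tmp/rename_demo.bin", replace_by_rename, before, after));
    int e = errno_opening_for_write("/proc/self/exe");
    printf("open(/proc/self/exe, O_WRONLY): %s\n", e ? strerror(e) : "succeeded");
    return 0;
}
```

The practical caveat follows from the two results: a deployment that copies over a live binary in place (on a platform that allows it) changes what the running process executes, while a write-to-temp-and-rename deployment leaves the running process on the old inode. Whether the in-place case crashes or runs the injected code depends, as Ken says, on whether the modified bytes keep every offset the process still depends on.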
More information about the Filepro-list mailing list