Re: [Full-disclosure] bash vulnerability?
From: Rik Bobbaers (Rik.Bobbaers_at_cc.kuleuven.be)
Date: 08/16/05
- Previous message: luke: "Re: [Full-disclosure] bash vulnerability?"
- In reply to: Boris Jordanov / Борис Йорданов: "Re: [Full-disclosure] bash vulnerability?"
- Next in thread: Graham Reed: "Re: [Full-disclosure] bash vulnerability?"
- Reply: Graham Reed: "Re: [Full-disclosure] bash vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.grok.org.uk Date: Tue, 16 Aug 2005 15:56:54 +0200
On Tuesday 16 August 2005 15:42, Boris Jordanov / Борис Йорданов wrote:
> Jay wrote:
> ...
>
> > the machine froze instantly but eventually, after a minute or so I was
> > able to ^C
>
> Same here:
like i said:
<quote>
anyway, if you compile this and run it in background, it will all die pretty
fast. (to make it even harder, make your own signal handlers!(okay, SIGKILL
will still work, but it will be harder to kill :))
</quote>
so ctrl-c is just a SIGINT... you can make the program ignore that signal, i
don't want to start doing that in asm (because its just a poc) but just
change the pointer to the signal handler to rewrite the pointer to a return
statement or something... i think SIGKILL is the only signal you can't
mask/adapt, unless you're root (where you can, with some strange actions) get
this to run in an uninterruptible state and so on... blabla, yadda yadda, off
topic and totally irrelevant. you want to talk about it some more... not on
this list, but in private :)
-- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers@cc.kuleuven.be -=- http://harry.ulyssis.org Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient" 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3. I may take the contents as representing the views of your company. 4. This overrides any disclaimer or statement of confidentiality that may be included on your message. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: luke: "Re: [Full-disclosure] bash vulnerability?"
- In reply to: Boris Jordanov / Борис Йорданов: "Re: [Full-disclosure] bash vulnerability?"
- Next in thread: Graham Reed: "Re: [Full-disclosure] bash vulnerability?"
- Reply: Graham Reed: "Re: [Full-disclosure] bash vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
