[Israel.pm] perl memory and buffer overflows

amit sides DiAblo_2 at 012.net.il
Sun Dec 26 22:57:26 PST 2004


Gaal Yahas wrote:

> amit sides wrote:
>
>> I'm not looking for big bugs in the general perl interpreter...just
>> wanna know about possible bugs that can be
>> by my programming ...and people that can use to buffer overflow my
>> code....I see a lot of exploits out there that use
>> to buffer overflow open source programs like 'open webmail', 'webmin',
>> etc...
>> what is this shell code that they send mean then ?
>
>
> This is no longer on-topic for perl-il, so I'll be brief:
>
> The idea with overrun exploits is that as a user, you get to overwrite a
> part of the memory image of a program with data you had carefully
> constructed yourself. Since with computers data can be code, you can get
> the program to run anything you want it to, with its own permissions. So
> if you're doing this on a remote machine you don't have regular shell
> access to, you could open a remote back door, or run remote commands. Or
> if you're doing it on a local machine, but you don't have permissions
> that the process you're attacking does, you can steal those permissions.
>
> Shell code refers to code (machine code, almost always) that starts up
> an interactive shell. Since this is simple code in itself and is yet
> pretty powerful, it is usually what attackers put at the bottom bit of
> their overwriting data.
>
> Google "stack smashing for fun and profit" for more info.
>
>
> And to turn this back to Perl: It is much easier to attack a CGI written
> in Perl by feeding it data which fools the interpreter to run things,
> *not* by overwriting buffers, but by playing with shell escapes. This is
> as real a risk as C buffer overruns. Read the perlsec manual page for
> the skinny on that.
>
Thanks a lot ...I think we'll continue this conversation in private...:)
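
The shell-escape risk that the quoted reply refers to perlsec for, shown as an added example that is not part of the original thread. It assumes a CGI parameter holding a host name; the inputs are constructed, `echo` stands in for whatever external tool a real script would call, and the sub names are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; runs as-is and also under taint mode (perl -T).
use strict;
use warnings;

# Under -T the environment must be cleaned before anything is executed.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed inputs standing in for a CGI parameter (assumed to be a host name).
my @samples = ('example.org', 'example.org; echo INJECTED', "example.org\n");

# Allow-list check. \A...\z rather than ^...$ so a trailing newline is
# rejected; under -T the capture group is also what untaints the value.
sub clean_host {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,252})\z/ ? $1 : undef;
}

# Risky form: a single string goes to /bin/sh, so the shell parses
# whatever the user supplied.
sub lookup_via_shell {
    my ($raw) = @_;
    return scalar `echo lookup $raw`;
}

# Safer form: list-form pipe open execs the program directly, no shell,
# so metacharacters arrive as literal argument bytes.
sub lookup_no_shell {
    my ($host) = @_;
    open(my $fh, '-|', 'echo', 'lookup', $host) or die "cannot exec: $!";
    local $/;                      # slurp all output
    my $out = <$fh>;
    close $fh;
    return $out;
}

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    print "input: [$shown]\n";
    print "  via shell : $_" for split /^/, lookup_via_shell($raw);
    print "  list form : $_" for split /^/, lookup_no_shell($raw);
    my $host = clean_host($raw);
    print "  validated : ", (defined $host ? "accepted" : "rejected"), "\n";
}
```

For the second input the shell form prints two lines, because the text after `;` ran as its own command, while the list form prints the whole string back as one argument and the allow-list rejects it.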


