allstars' blog

shut the fuck up and write some code

Friday, April 30, 2010

Why is mmap size related to root?

http://groups.google.com/group/android-kernel/browse_thread/thread/497ba1a48c3cd710

The reason is here:
http://lwn.net/Articles/342330/
http://xorl.wordpress.com/2009/08/18/cve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference/
http://www.securityfocus.com/archive/1/archive/1/505751/100/0/threaded

The second link, http://xorl.wordpress.com/2009/08/18/cve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference/

mentions three hacks:

http://go2.wordpress.com/?id=725X1342&site=xorl.wordpress.com&url=http%3A%2F%2Fwww.grsecurity.net%2F~spender%2Fwunderbar_emporium.tgz&sref=http%3A%2F%2Fxorl.wordpress.com%2F2009%2F08%2F18%2Fcve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference%2F
This one uses
0xff
0x25

0xff 0x25 is actually the opcode of a jmp instruction.
Pick any example binary and objdump -D will show it.

http://go2.wordpress.com/?id=725X1342&site=xorl.wordpress.com&url=http%3A%2F%2Fwww.frasunek.com%2Fproto_ops.tgz&sref=http%3A%2F%2Fxorl.wordpress.com%2F2009%2F08%2F18%2Fcve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference%2F

This one uses 0x90 0xe9.

And the last one, which is simpler:
http://go2.wordpress.com/?id=725X1342&site=xorl.wordpress.com&url=http%3A%2F%2Fmilw0rm.com%2Fsploits%2Fandroid-root-20090816.tar.gz&sref=http%3A%2F%2Fxorl.wordpress.com%2F2009%2F08%2F18%2Fcve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference%2F
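As an added example (not code from the post or from any of the linked archives), here is a small Python decoder that recognises the two jump encodings named above at the start of a page of memory and works out where each one transfers control; the function name `decode_jmp` and the sample byte strings are constructed for this illustration, and it assumes the bytes sit at a known virtual address and that the displacement is 32 bits wide in both 32- and 64-bit mode.

```python
import struct


def decode_jmp(code: bytes, addr: int, mode: int = 32):
    """Identify the two jump encodings discussed in the post at the start of
    `code`, which is assumed to live at virtual address `addr`.

    Returns (mnemonic, where) for one of:
      e9 <rel32>       jmp rel32        where = next_ip + rel32 (the jump target)
      ff 25 <disp32>   jmp *[disp32]    where = address of the pointer slot read:
                                        32-bit: disp32 itself (absolute address)
                                        64-bit: next_ip + disp32 (RIP-relative)
    Leading 0x90 (nop) bytes, as in the 0x90 0xe9 pair, are skipped.
    Returns None when the bytes are neither form. `mode` is 32 or 64.
    """
    mask = (1 << mode) - 1
    i = 0
    while i < len(code) and code[i] == 0x90:  # skip any nop padding
        i += 1
    if i + 5 <= len(code) and code[i] == 0xE9:
        rel = struct.unpack_from('<i', code, i + 1)[0]  # signed rel32
        next_ip = addr + i + 5  # rel32 is relative to the end of the 5-byte jmp
        return ('jmp rel32', (next_ip + rel) & mask)
    if i + 6 <= len(code) and code[i] == 0xFF and code[i + 1] == 0x25:
        # ModRM 0x25: mod=00, reg=100 (/4 = jmp near indirect), rm=101 (disp32, no base)
        next_ip = addr + i + 6
        if mode == 32:
            slot = struct.unpack_from('<I', code, i + 2)[0]  # absolute address
        else:
            slot = (next_ip + struct.unpack_from('<i', code, i + 2)[0]) & mask
        return ('jmp *[disp32]', slot)
    return None


if __name__ == '__main__':
    # constructed samples: the two byte patterns named in the post, placed at address 0
    for sample in (b'\xff\x25' + struct.pack('<I', 0x08049000),
                   b'\x90\xe9' + struct.pack('<i', 0x1000)):
        print(sample.hex(), decode_jmp(sample, addr=0))
```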
Posted by allstars.chh at 11:20 AM
Labels: kernel
