* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
@ 2003-09-20 8:07 Charles Forsyth
0 siblings, 0 replies; 16+ messages in thread
From: Charles Forsyth @ 2003-09-20 8:07 UTC (permalink / raw)
To: 9fans
>>listens to the network. But then, he'd still be none.
n0ne, surely?
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 15:35 ` Markus Friedl
@ 2003-09-22 9:01 ` I phantom
0 siblings, 0 replies; 16+ messages in thread
From: I phantom @ 2003-09-22 9:01 UTC (permalink / raw)
To: 9fans
markus@openbsd.org (Markus Friedl) wrote in message news:<20030920153514.GA25835@folly>...
> AFAIK, phrack 62 is fake, a hoax.
>
> On Sat, Sep 20, 2003 at 02:55:37AM -0400, Russ Cox wrote:
> > He exploited a buffer overrun in his own program.
> > It would be more interesting if he exploited a buffer
> > overrun in some system program, preferably one that
> > listens to the network. But then, he'd still be none.
> >
> > Russ
If you had actually bothered to read the introduction you would know that
Phrack 62 is not fake but merely a change of direction. But actually
reading..... (a zine, documentation, literature, openssh code) is 2
much to expect from anyone@openbsd.org. To everyone else on this list,
I apologize.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:49 ` Dan Cross
2003-09-20 17:53 ` William K. Josephson
@ 2003-09-20 20:12 ` David Presotto
1 sibling, 0 replies; 16+ messages in thread
From: David Presotto @ 2003-09-20 20:12 UTC (permalink / raw)
To: 9fans
Not much code, just syscall space. We can probably nuke most of them.

Dan Cross <cross@math.psu.edu> wrote on Sat, 20 Sep 2003 13:49:56 -0400 (Message-ID: <200309201749.h8KHnuj24873@augusta.math.psu.edu>):
> And presumably the rest are for binary compatibility with older (pre-4e)
> systems? Hmm.... That's a lot of compatibility to be carrying around.
> - Dan C.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:14 ` Dan Cross
2003-09-20 17:22 ` Russ Cox
@ 2003-09-20 20:10 ` David Presotto
1 sibling, 0 replies; 16+ messages in thread
From: David Presotto @ 2003-09-20 20:10 UTC (permalink / raw)
To: 9fans
There are actually only 48. 10 are there for backward compatibility.
/sys/src/libc/9syscall/sys.h
Not much that wasn't there in 3rd edition. I'm looking at adding a passfd
though my first attempt wasn't pretty. Actually passfd was easy but
making it work across systems was a bit strained. I'm working on that.

Dan Cross <cross@math.psu.edu> wrote on Sat, 20 Sep 2003 13:14:04 -0400 (Message-ID: <200309201714.h8KHE4j24603@augusta.math.psu.edu>):
> Wow; I haven't laughed _that_ hard in a *long* time. I especially like
> the last few paragraphs, and the part about him flunking his high-school
> English class.
> In terms of a technical reaction, the first thing that strikes me is: We
> have 51 system calls now? Wow; we've porked up. How many of those are for
> compatibility with the 3rd Edition?
> - Dan C.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 18:37 ` Dan Cross
2003-09-20 18:39 ` Russ Cox
@ 2003-09-20 19:07 ` William K. Josephson
1 sibling, 0 replies; 16+ messages in thread
From: William K. Josephson @ 2003-09-20 19:07 UTC (permalink / raw)
To: 9fans
On Sat, Sep 20, 2003 at 02:37:41PM -0400, Dan Cross wrote:
> (Ps- I really do think it would be nice to get mpm out and give people
> the opportunity to either rewrite it or recompile it with g++.)
Rob has posted the source before; I use it under Unix with
some frequency, in fact.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 18:37 ` Dan Cross
@ 2003-09-20 18:39 ` Russ Cox
2003-09-20 19:07 ` William K. Josephson
1 sibling, 0 replies; 16+ messages in thread
From: Russ Cox @ 2003-09-20 18:39 UTC (permalink / raw)
To: 9fans
> (Ps- I really do think it would be nice to get mpm out and give people
> the opportunity to either rewrite it or recompile it with g++.)
didn't rob post it a few years ago?
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 18:01 ` Russ Cox
@ 2003-09-20 18:37 ` Dan Cross
2003-09-20 18:39 ` Russ Cox
2003-09-20 19:07 ` William K. Josephson
0 siblings, 2 replies; 16+ messages in thread
From: Dan Cross @ 2003-09-20 18:37 UTC (permalink / raw)
To: 9fans
> it's not just mpm. i can run almost every binary that has
> ever been compiled on plan 9 (for my current architecture).
> that's useful occasionally, and it's 100 lines of code to implement.
> if you don't want to carry it around, you could chop it out
> of your copy, but there are much bigger things you could drop
> instead.
Oh, I don't know; it depends on what the compatibility routines do. If
they just marshal arguments around (for instance, dealing with the
widening of types and the like), that's one thing. On the other hand,
if they represent entirely different implementations of common system
calls, such as in cases where semantics have changed and some amount of
compatibility with the old semantics was desired, that's another. If
we find the system call table filling up with the latter, I'd say it's
time to start thinking about recompiling things that are usefully
brought forward and chopping out the compatibility stuff. Yes, there
are bigger fish to fry, but if you can kill this one while it's still a
tadpole, it seems like a good idea.
That said, I'd note that some of the more interesting programs in,
e.g., 2nd edition are affected not by the lack or change in system
calls, but by fundamental changes in subsystems (i.e., the introduction
of /dev/draw as a replacement for /dev/bitblt and friends, which
affects a number of things).
- Dan C.
(Ps- I really do think it would be nice to get mpm out and give people
the opportunity to either rewrite it or recompile it with g++.)
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:57 ` Dan Cross
@ 2003-09-20 18:01 ` Russ Cox
2003-09-20 18:37 ` Dan Cross
0 siblings, 1 reply; 16+ messages in thread
From: Russ Cox @ 2003-09-20 18:01 UTC (permalink / raw)
To: 9fans
> Funny you should mention that... it's exactly what I was thinking of
> in terms of NOT eliminating compatibility. I suppose the obvious answer
> would be to just recompile it with g++ or otherwise release it (mpm).
it's not just mpm. i can run almost every binary that has
ever been compiled on plan 9 (for my current architecture).
that's useful occasionally, and it's 100 lines of code to implement.
if you don't want to carry it around, you could chop it out
of your copy, but there are much bigger things you could drop
instead.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:53 ` William K. Josephson
@ 2003-09-20 17:57 ` Dan Cross
2003-09-20 18:01 ` Russ Cox
0 siblings, 1 reply; 16+ messages in thread
From: Dan Cross @ 2003-09-20 17:57 UTC (permalink / raw)
To: 9fans
Funny you should mention that... it's exactly what I was thinking of
in terms of NOT eliminating compatibility. I suppose the obvious answer
would be to just recompile it with g++ or otherwise release it (mpm).
- Dan C.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:49 ` Dan Cross
@ 2003-09-20 17:53 ` William K. Josephson
2003-09-20 17:57 ` Dan Cross
2003-09-20 20:12 ` David Presotto
1 sibling, 1 reply; 16+ messages in thread
From: William K. Josephson @ 2003-09-20 17:53 UTC (permalink / raw)
To: 9fans
On Sat, Sep 20, 2003 at 01:49:56PM -0400, Dan Cross wrote:
> And presumably the rest are for binary compatibility with older (pre-4e)
> systems? Hmm.... That's a lot of compatibility to be carrying around.
How else are you going to run mpm? ;-)
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:22 ` Russ Cox
@ 2003-09-20 17:49 ` Dan Cross
2003-09-20 17:53 ` William K. Josephson
2003-09-20 20:12 ` David Presotto
0 siblings, 2 replies; 16+ messages in thread
From: Dan Cross @ 2003-09-20 17:49 UTC (permalink / raw)
To: 9fans
And presumably the rest are for binary compatibility with older (pre-4e)
systems? Hmm.... That's a lot of compatibility to be carrying around.
- Dan C.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 17:14 ` Dan Cross
@ 2003-09-20 17:22 ` Russ Cox
2003-09-20 17:49 ` Dan Cross
2003-09-20 20:10 ` David Presotto
1 sibling, 1 reply; 16+ messages in thread
From: Russ Cox @ 2003-09-20 17:22 UTC (permalink / raw)
To: 9fans
i count 36 essential system calls, up from 35 in 2e.
basically fd2path is the only change.
4e essential:
#define BIND 2
#define CHDIR 3
#define CLOSE 4
#define DUP 5
#define ALARM 6
#define EXEC 7
#define EXITS 8
#define FAUTH 10
#define SEGBRK 12
#define OPEN 14
#define SLEEP 17
#define RFORK 19
#define PIPE 21
#define CREATE 22
#define FD2PATH 23
#define BRK_ 24
#define REMOVE 25
#define NOTIFY 28
#define NOTED 29
#define SEGATTACH 30
#define SEGDETACH 31
#define SEGFREE 32
#define SEGFLUSH 33
#define RENDEZVOUS 34
#define UNMOUNT 35
#define SEEK 39
#define FVERSION 40
#define ERRSTR 41
#define STAT 42
#define FSTAT 43
#define WSTAT 44
#define FWSTAT 45
#define MOUNT 46
#define AWAIT 47
#define PREAD 50
#define PWRITE 51
2e essential:
#define ERRSTR 1
#define BIND 2
#define CHDIR 3
#define CLOSE 4
#define DUP 5
#define ALARM 6
#define EXEC 7
#define EXITS 8
#define FSESSION 9
#define FAUTH 10
#define FSTAT 11
#define SEGBRK 12
#define MOUNT 13
#define OPEN 14
#define READ 15
#define SEEK 16
#define SLEEP 17
#define STAT 18
#define RFORK 19
#define WRITE 20
#define PIPE 21
#define CREATE 22
#define BRK_ 24
#define REMOVE 25
#define WSTAT 26
#define FWSTAT 27
#define NOTIFY 28
#define NOTED 29
#define SEGATTACH 30
#define SEGDETACH 31
#define SEGFREE 32
#define SEGFLUSH 33
#define RENDEZVOUS 34
#define UNMOUNT 35
#define WAIT 36
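The two tables Russ lists above can be compared mechanically, which is also the quickest way to check the counts quoted in this thread (36 vs 35 essential calls, a dispatch table that runs up to 51). The script below is an added example; it is not code from this thread or from Plan 9. It parses sys.h-style "#define NAME NUMBER" lines, the form of the /sys/src/libc/9syscall/sys.h file David Presotto points at, and diffs the 2e and 4e essential tables from the point of view of a 2e binary: calls added, removed and renumbered, old slot numbers that no 4e essential entry occupies (the slots a compatibility layer has to keep answering if old binaries are to keep running, which is what Russ describes), and old slots handed to a different call, the case that would make an old binary silently invoke the wrong kernel entry point. The two tables are embedded as constructed sample input copied from Russ's message; the compact NAME=NUM notation and all function names are this example's own assumptions.

```python
import re
from typing import Dict, Tuple

# Constructed sample input: the "essential" syscall tables as Russ Cox listed
# them in this thread (4e and 2e). They are written compactly here and rendered
# into the "#define NAME NUMBER" form of /sys/src/libc/9syscall/sys.h before
# parsing; the compact NAME=NUM notation is this example's own, not Plan 9's.
ESSENTIAL_4E = (
    "BIND=2 CHDIR=3 CLOSE=4 DUP=5 ALARM=6 EXEC=7 EXITS=8 FAUTH=10 SEGBRK=12 "
    "OPEN=14 SLEEP=17 RFORK=19 PIPE=21 CREATE=22 FD2PATH=23 BRK_=24 REMOVE=25 "
    "NOTIFY=28 NOTED=29 SEGATTACH=30 SEGDETACH=31 SEGFREE=32 SEGFLUSH=33 "
    "RENDEZVOUS=34 UNMOUNT=35 SEEK=39 FVERSION=40 ERRSTR=41 STAT=42 FSTAT=43 "
    "WSTAT=44 FWSTAT=45 MOUNT=46 AWAIT=47 PREAD=50 PWRITE=51"
)
ESSENTIAL_2E = (
    "ERRSTR=1 BIND=2 CHDIR=3 CLOSE=4 DUP=5 ALARM=6 EXEC=7 EXITS=8 FSESSION=9 "
    "FAUTH=10 FSTAT=11 SEGBRK=12 MOUNT=13 OPEN=14 READ=15 SEEK=16 SLEEP=17 "
    "STAT=18 RFORK=19 WRITE=20 PIPE=21 CREATE=22 BRK_=24 REMOVE=25 WSTAT=26 "
    "FWSTAT=27 NOTIFY=28 NOTED=29 SEGATTACH=30 SEGDETACH=31 SEGFREE=32 "
    "SEGFLUSH=33 RENDEZVOUS=34 UNMOUNT=35 WAIT=36"
)

DEFINE_RE = re.compile(r"^\s*#define\s+([A-Za-z_]\w*)\s+(\d+)\s*$")


def to_sys_h(compact: str) -> str:
    """Render NAME=NUM pairs as sys.h-style #define lines (sample data only)."""
    return "".join(f"#define {p.split('=')[0]} {p.split('=')[1]}\n"
                   for p in compact.split())


def parse_sys_h(text: str) -> Dict[str, int]:
    """Parse '#define NAME NUMBER' lines into a name -> number map.

    Non-matching lines (comments, blanks) are skipped. A name defined twice
    or a number given to two names is rejected: the kernel dispatches on the
    number, so either ambiguity means two calls claim one slot.
    """
    table: Dict[str, int] = {}
    seen_nums: Dict[int, str] = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if not m:
            continue
        name, num = m.group(1), int(m.group(2))
        if name in table or num in seen_nums:
            raise ValueError(f"syscall slot conflict at {name} {num}")
        table[name] = num
        seen_nums[num] = name
    return table


def compare_tables(old: Dict[str, int], new: Dict[str, int]) -> Dict[str, object]:
    """Diff two syscall tables from the point of view of a binary built
    against `old` that is run on a kernel built from `new`.

    added/removed  names present in only one table
    renumbered     same name, different slot, as (old, new)
    orphaned       old slots no `new` entry occupies: an old binary still
                   traps to these, so a compatibility layer must answer them
    reused         old slots `new` hands to a different call: the dangerous
                   case, the old binary would silently run the wrong call
    table_size     highest slot number, i.e. how long the dispatch table is
    """
    old_by_num = {n: name for name, n in old.items()}
    new_by_num = {n: name for name, n in new.items()}
    common = sorted(set(old) & set(new))
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "renumbered": {n: (old[n], new[n]) for n in common if old[n] != new[n]},
        "orphaned": sorted(n for n in old_by_num if n not in new_by_num),
        "reused": {n: (old_by_num[n], new_by_num[n]) for n in sorted(old_by_num)
                   if n in new_by_num and new_by_num[n] != old_by_num[n]},
        "table_size": max(new.values()),
    }


def essential_counts() -> Tuple[int, int]:
    """(2e, 4e) sizes of the essential tables, to check the counts quoted above."""
    return (len(parse_sys_h(to_sys_h(ESSENTIAL_2E))),
            len(parse_sys_h(to_sys_h(ESSENTIAL_4E))))


if __name__ == "__main__":
    diff = compare_tables(parse_sys_h(to_sys_h(ESSENTIAL_2E)),
                          parse_sys_h(to_sys_h(ESSENTIAL_4E)))
    print("essential 2e/4e:", essential_counts())
    for key, value in diff.items():
        print(f"{key}: {value}")
```

Run against the two tables as posted, the script confirms the 35 and 36 counts, finds no reused slot between the essential tables, and lists eleven 2e slots (1, 9, 11, 13, 15, 16, 18, 20, 26, 27, 36) that a 2e binary would still trap to; those, plus the renumbered STAT/FSTAT/WSTAT/FWSTAT/SEEK/MOUNT/ERRSTR entries, are the calls any compatibility entries in the full sys.h have to cover. Point `parse_sys_h` at a real sys.h to compare a full table rather than the essential subset.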
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 6:49 Vester Thacker
2003-09-20 6:55 ` Russ Cox
@ 2003-09-20 17:14 ` Dan Cross
2003-09-20 17:22 ` Russ Cox
2003-09-20 20:10 ` David Presotto
1 sibling, 2 replies; 16+ messages in thread
From: Dan Cross @ 2003-09-20 17:14 UTC (permalink / raw)
To: 9fans
Wow; I haven't laughed _that_ hard in a *long* time. I especially like
the last few paragraphs, and the part about him flunking his high-school
English class.
In terms of a technical reaction, the first thing that strikes me is: We
have 51 system calls now? Wow; we've porked up. How many of those are for
compatibility with the 3rd Edition?
- Dan C.
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 6:55 ` Russ Cox
@ 2003-09-20 15:35 ` Markus Friedl
2003-09-22 9:01 ` I phantom
0 siblings, 1 reply; 16+ messages in thread
From: Markus Friedl @ 2003-09-20 15:35 UTC (permalink / raw)
To: 9fans
AFAIK, phrack 62 is fake, a hoax.
On Sat, Sep 20, 2003 at 02:55:37AM -0400, Russ Cox wrote:
> He exploited a buffer overrun in his own program.
> It would be more interesting if he exploited a buffer
> overrun in some system program, preferably one that
> listens to the network. But then, he'd still be none.
>
> Russ
* Re: [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
2003-09-20 6:49 Vester Thacker
@ 2003-09-20 6:55 ` Russ Cox
2003-09-20 15:35 ` Markus Friedl
2003-09-20 17:14 ` Dan Cross
1 sibling, 1 reply; 16+ messages in thread
From: Russ Cox @ 2003-09-20 6:55 UTC (permalink / raw)
To: 9fans
He exploited a buffer overrun in his own program.
It would be more interesting if he exploited a buffer
overrun in some system program, preferably one that
listens to the network. But then, he'd still be none.
Russ
* [9fans] Plan 9 buffer overflow exploit explained in Phrack Volume 0x0b, Issue 0x3e, Phile #0x09 of 0x0f
@ 2003-09-20 6:49 Vester Thacker
2003-09-20 6:55 ` Russ Cox
2003-09-20 17:14 ` Dan Cross
0 siblings, 2 replies; 16+ messages in thread
From: Vester Thacker @ 2003-09-20 6:49 UTC (permalink / raw)
To: 9fans
Just in case some folks haven't read about it, an article was written about a
Plan9 exploit. The article can be found at http://phrack.unixchicks.com/p62-0x09.txt
I found it disheartening, but interesting nonetheless. Comments?
-- Vester Thacker