[Info-vax] Android development Was Re: OT: Larry Ellison takes retirement as CEO of Oracle
JF Mezei
jfmezei.spamnot at vaxination.ca
Sun Sep 21 13:26:27 EDT 2014
On 14-09-21 13:13, Paul Sture wrote:
> Yes. This is what the phrase "Arbitrary code execution" that you see in
> reports of attacks which take advantage of buffer overflows and zero day
> exploits.
However, such a payload designed for Linux would have to know exactly
what to do and what to deposit in specific memory oocations etc. And
while assembler code that does 2+2 would likely run fin on both linux
and VMS, anything that wants to overcome security would be very OS
specific. Trying to deposit something in a low memory location to
elevate your Unix privileges might result in VMS changing baud rate on a
terminal because memory is mapped totally difeferntly for the OS/kernel
stuff.
A smart hacker though might use that simple buffer overflow code to
detect what OS is hosting this process and then fetch OS specific code.
More information about the Info-vax
mailing list