BUT exploit.c is compiled in userspace. The memset() is the symbol in glibc, NOT in the kernel.

Disassembled code:

0x08048a33 <give_it_to_me_any_way_you_can+223>: movl $0x1,0x804a7d4
0x08048a3d <give_it_to_me_any_way_you_can+233>: movl $0x20,0x8(%esp)
0x08048a45 <give_it_to_me_any_way_you_can+241>: movl $0x0,0x4(%esp)
0x08048a4d <give_it_to_me_any_way_you_can+249>: mov -0x10(%ebp),%eax
0x08048a50 <give_it_to_me_any_way_you_can+252>: mov %eax,(%esp)
0x08048a53 <give_it_to_me_any_way_you_can+255>: call 0x804863c <memset@plt>
0x08048a58 <give_it_to_me_any_way_you_can+260>: add $0x24,%esp
0x08048a5b <give_it_to_me_any_way_you_can+263>: pop %ebx
0x08048a5c <give_it_to_me_any_way_you_can+264>: pop %ebp
0x08048a5d <give_it_to_me_any_way_you_can+265>: ret

2009/8/28 Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx>:
> 2009/8/27 fisherman <ipconfigme@xxxxxxxxx>:
>> own_the_kernel() will run in kernel mode when the bug is triggered in user mode.
>>
>> BUT give_it_to_me_any_way_you_can() calls memset(), and memset() is a
>> function in glibc.
>
> not really, check
> http://lxr.linux.no/#linux+v2.6.30.5/arch/x86/lib/memcpy_32.c#L17
>
> memset() also has a "clone" as a kernel function too.
>
> --
> regards,
>
> Mulyadi Santosa
> Freelance Linux trainer
> blog: the-hydra.blogspot.com
>

--
Best Regards :-)
-------------------------------------------
Wang Yao(王耀), wangyao@xxxxxxxxxxxxx ipconfigme@xxxxxxxxx
HomePage: http://cudev.cublog.cn
Research Center of Computer Network and Information Security Technology
Harbin Institute Of Technology
Address: NO.92 West Da-Zhi Street, NanGang District, Harbin, Heilongjiang

--
To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ