In reference to Michal Zalewski's detailed post: >Perhaps notably, the ability to specify attacker-controlled addresses >hinges on the state of --enable-bash-malloc and --enable-mem-scramble
The correct ./configure argument for bash-malloc is --with-bash-malloc. Just wanted to note that out. I learned this from going to compile bash myself with these flags just now. :) >compile-time flags; if both are enabled, the memory returned by >xmalloc() will be initialized to 0xdf, making the prospect of >exploitation more speculative (essentially depending on whether the >stack or any other memory region can be grown to overlap with >0xdfdfdfdf) Cheers, -- ***************************** Michael Bazzinotti University of Massachusetts Boston b...@cs.umb.edu http://www.bazz1.com _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
