
buffer overflow


donoli

Jan 15, 2003, 4:53:44 PM
I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
security on both of them against a buffer overflow. If someone has
the code in python for a buffer overflow, please post it.
donoli.

Martin v. Löwis

Jan 15, 2003, 5:02:55 PM
donoli <e...@joes.com> writes:

Python does not support buffer overflows, sorry.

Regards,
Martin

Gonçalo Rodrigues

Jan 15, 2003, 6:14:08 PM
On 15 Jan 2003 23:02:55 +0100, mar...@v.loewis.de (Martin v. Löwis)
wrote:

I vote QOTW for this one.

>
>Regards,
>Martin

With my best regards,
G. Rodrigues

Steve Holden

Jan 16, 2003, 10:56:39 AM
"donoli" <e...@joes.com> wrote in message
news:splb2vkt2lqspqjea...@4ax.com...

I've seen better social engineering in kindergarten classrooms.

regards
--
Steve Holden http://www.holdenweb.com/
Python Web Programming http://pydish.holdenweb.com/pwp/
Bring your musical instrument to PyCon! http://www.python.org/pycon/

Irmen de Jong

Jan 16, 2003, 5:28:11 PM

Gonçalo Rodrigues wrote:
> I vote QOTW for this one.

+1! LOL


Irmen

Mark Hammond

Jan 16, 2003, 8:18:17 PM
Steve Holden wrote:
> "donoli" <e...@joes.com> wrote in message
> news:splb2vkt2lqspqjea...@4ax.com...
>
>>I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
>>security on both of them against a buffer overflow. If someone has
>>the code in python for a buffer overflow, please post it.
>>donoli.
>
>
> I've seen better social engineering in kindergarten classrooms.

I think you give the OP too much credit! <wink>

Mark.

donoli

Jan 16, 2003, 8:19:21 PM
On Thu, 16 Jan 2003 15:56:39 GMT, "Steve Holden"
<sho...@holdenweb.com> wrote:

>"donoli" <e...@joes.com> wrote in message
>news:splb2vkt2lqspqjea...@4ax.com...
>> I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
>> security on both of them against a buffer overflow. If someone has
>> the code in python for a buffer overflow, please post it.
>> donoli.
>
>I've seen better social engineering in kindergarten classrooms.
>
>regards

########################
If you don't want to answer the question, it's ok but don't tell me
what you see in your crystal ball that you bought on ebay.
donoli.
########################

ma...@pobox.com

Jan 16, 2003, 11:19:28 PM

I'm sure they could be added by a C extension module.

Tim Peters

Jan 16, 2003, 11:47:02 PM
[donoli]

> I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
> security on both of them against a buffer overflow. If someone has
> the code in python for a buffer overflow, please post it.
> donoli.

[Martin v. Loewis]


> Python does not support buffer overflows, sorry.

[pma...@pobox.com]


> I'm sure they could be added by a C extension module.

They already were, and, curiously enough, by the builtin bufferobject.c.
That supplies the builtin, little understood, and easily abused buffer
object. For fun, run this:

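"""
from array import array
from random import randrange

i = 0
while 1:
    i += 1
    print i,
    a = array('c', 'x' * randrange(10000))
    b = buffer(a)  # b records the address of a's current storage
    a.extend(array('c', 'y' * randrange(10000)))  # may realloc, moving the storage
    c = list(b)  # reads through the possibly stale address
"""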

Chances are high it will die with a segfault before going around the loop 20
times, because the buffer object created by buffer() can be left pointing at
freed memory by the array object guts getting reallocated, and then list(b)
ends up reading God-only-knows-what from the stale buffer object. Some of
the smartest people I know have refused to fix this <wink>.


Chad Netzer

Jan 17, 2003, 12:36:10 AM
On Thursday 16 January 2003 20:47, Tim Peters wrote:

> [Martin v. Loewis]
> > Python does not support buffer overflows, sorry.

> [pma...@pobox.com]
> > I'm sure they could be added by a C extension module.
>
> They already were, and, curiously enough, by the builtin
> bufferobject.c. That supplies the builtin, little understood, and
> easily abused buffer object. For fun, run this:

[snip]

> Chances are high it will die with a segfault before going around the
> loop 20 times,

My Debian Linux system seems to be missing this feature, in either 2.1
or 2.2.

<:-)> I thought python code was supposed to be portable. </:-)>

--
Bay Area Python Interest Group - http://www.baypiggies.net/

Chad Netzer


Tim H

Jan 17, 2003, 12:57:03 PM

"Tim Peters" <tim...@comcast.net> wrote in message
news:mailman.104277891...@python.org...

Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
CTRL-C'ed it. Does this mean Linux can count higher than Windows?

Tim (not that one)

Thomas Heller

Jan 17, 2003, 1:22:58 PM
"Tim H" <t...@frontier.net.nospam> writes:

No, it means that these kinds of bugs are easier to find on Windows
than on Linux ;-)

Thomas

Cliff Wells

Jan 17, 2003, 1:08:11 PM

There is no way to test an entire OS for buffer overflow issues [other
than perhaps in the libraries or system calls - but you still have to
test each individual routine]. If there were, buffer overflows would
have disappeared long ago. So the conclusion that must be drawn is
either a) you are trying to get someone to reveal *known* exploits
[hence the "social engineering" comment] or b) you don't really know
what it means [the "too much credit" comment].

If you want to know about known buffer overflow exploits in various
applications and OS's, search Google and read some of the voluminous
documentation you will find there.


BTW, Steve didn't buy that crystal ball on ebay, those ones are fake.


--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308 (800) 735-0555 x308


David Eppstein

Jan 17, 2003, 2:30:40 PM
In article <v2ggvgh...@corp.supernews.com>,
"Tim H" <t...@frontier.net.nospam> wrote:

> > Chances are high it will die with a segfault before going around the
> > loop 20 times, because the buffer object created by buffer() can be
> > left pointing at freed memory by the array object guts getting
> > reallocated, and then list(b) ends up reading God-only-knows-what from
> > the stale buffer object. Some of the smartest people I know have
> > refused to fix this <wink>.
>
> Hmmm, a Win2k box got to 14, while Linux got to where I got bored and
> CTRL-C'ed it. Does this mean Linux can count higher than Windows?

The Mac OS X.2 preloaded command-line python also bored me into ^C'ing
before any sign of a crash.

--
David Eppstein UC Irvine Dept. of Information & Computer Science
epps...@ics.uci.edu http://www.ics.uci.edu/~eppstein/

Tim Peters

Jan 17, 2003, 2:16:38 PM
[Florian Schulze, on a segfaulting buffer() example]
> This should easily be resolved by proper reference counting. Then it would
> point to the old list object, but I think seen pythonically this is even
> correct.

Nope -- the buffer object captures a memory address not associated with any
Python object, so there's no refcount to *be* bumped. That memory can get
recycled and the buffer object pointing to it has neither a way to stop it
nor to know about it when it happens. Dig into the Python-Dev archive for
years of argument about this. The current buffer object is plain broken.
That goes a long way toward explaining why you rarely hear about it, BTW
<wink>.

dead-feature-walking-ly y'rs - tim
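
Added example, not part of the original thread: Python 3 removed the `buffer()` builtin and provides `memoryview` instead, and the stale-pointer problem described in Tim Peters' two posts above (the segfaulting loop and the "no refcount to be bumped" explanation) is closed there by an export lock, so a container refuses to resize while a view of it is live. The helper names below are this example's own.

```python
from array import array


def resize_while_exported(obj, grow):
    """Try to grow obj while a memoryview of it is alive.

    Returns (blocked, seen): blocked is True when the resize was refused
    with BufferError; seen is what the view reads afterwards.
    """
    view = memoryview(obj)
    try:
        grow(obj)
        blocked = False
    except BufferError:
        blocked = True
    seen = view.tobytes()
    view.release()
    return blocked, seen


def resize_after_release(obj, grow):
    """Copy the bytes out, drop the view, then grow obj."""
    with memoryview(obj) as view:
        snapshot = view.tobytes()
    grow(obj)  # no live exports now, so the storage may move
    return snapshot, len(obj)


def use_after_release_rejected(obj):
    """A released view raises ValueError instead of reading old memory."""
    view = memoryview(obj)
    view.release()
    try:
        view.tobytes()
    except ValueError:
        return True
    return False


def grow_array(a):
    a.extend(array('B', b'y' * 5000))


def grow_bytearray(b):
    b.extend(b'y' * 5000)


if __name__ == "__main__":
    # Constructed sample data: 100 bytes of 'x', as in the loop above.
    print(resize_while_exported(array('B', b'x' * 100), grow_array)[0])
    print(resize_while_exported(bytearray(b'x' * 100), grow_bytearray)[0])
```
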


donoli

Jan 17, 2003, 9:38:27 PM
On Thu, 16 Jan 2003 23:47:02 -0500, Tim Peters <tim...@comcast.net>
wrote:

#######################
On W2K the code just forced python to close. It didn't hang the
machine. On FreeBSD it gave me some errors. Here they are:
from: can't read /vasr/mail/array
from: can't read /var/mail/random
9: Syntax error: '(' unexpected (expecting 'do')

I also tried it as a remote exploit from one machine to another which
was my original intention but I failed to mention it in my original
post. I wanted to find some code where I could do something like:
python buffer.py > 192.160.0.2 That also forced python to close.

Is there a way to do something like that? Also, can you explain
bufferobjet.c?

Thanks
donoli.
#######################

donoli

Jan 17, 2003, 9:42:47 PM
On 17 Jan 2003 10:08:11 -0800, Cliff Wells
<Logiplex...@earthlink.net> wrote:

>
>
>If you want to know about known buffer overflow exploits in various
>applications and OS's, search Google and read some of the voluminous
>documentation you will find there.
>
>
>BTW, Steve didn't buy that crystal ball on ebay, those ones are fake.

###################
Those codes never compile correctly.
donoli
###################

Peter Hansen

Jan 17, 2003, 9:58:07 PM
donoli wrote:
>
> I also tried it as a remote exploit from one machine to another which
> was my original intention but I failed to mention it in my original
> post.

That's no problem... we inferred it anyway.

> I wanted to find some code where I could do something like:
> python buffer.py > 192.160.0.2 That also forced python to close.
>
> Is there a way to do something like that? Also, can you explain
> bufferobjet.c?

Sounds like a French implementation of the Buffer object, to me...

-Peter

Martin Maney

Jan 17, 2003, 9:05:47 PM
Tim Peters <tim...@comcast.net> wrote:
> [donoli]
>> I have two machines, FreeBSD 4,2 and W2K pro. I'd like to test the
>> security on both of them against a buffer overflow. If someone has
>> the code in python for a buffer overflow, please post it.
>> donoli.
>
> [Martin v. Loewis]
>> Python does not support buffer overflows, sorry.
>
> [pma...@pobox.com]

No 'p' there, and I thought I configured that. Hmph.

>> I'm sure they could be added by a C extension module.
>
> They already were

And here I thought I was making a funny.

> and, curiously enough, by the builtin bufferobject.c.
> That supplies the builtin, little understood, and easily abused buffer

> object. For fun, run this: [...]

Am I missing something a little more descriptive than the brief blurb
in the Library Reference, or is this thing intended to be undocumented?

> Some of the smartest people I know have refused to fix this <wink>.

If I've guessed the purpose of this little monster, there's probably
not any way to fix it without losing its reason for being. So, what's
it used for, aside from breaking my feeble attempt at a joke?

Manuel M. Garcia

Jan 20, 2003, 3:06:05 PM
On Fri, 17 Jan 2003 21:58:07 -0500, Peter Hansen <pe...@engcorp.com>
wrote:


If I was drinking milk, it would have shot out of my nose!

Manuel
