From: James Courtier-Dutton
Subject: Re: Possible exploit potential in dosemu.
Date: Mon, 23 Oct 2006 16:52:05 +0100
Message-ID: <453CE525.3030804@superbug.co.uk>
References: <45376106.3040104@superbug.co.uk>
To: Bart Oldeman
Cc: linux-msdos@vger.kernel.org

Bart Oldeman wrote:
> On 10/19/06, James Courtier-Dutton wrote:
>> The dosemu binary has a rwx stack segment, so this means that
>> instructions can be placed on the stack and executed.
>> This makes it a lot easier to exploit than if the stack were rw-.
>>
>> The source objects src/env/video/remap_asm.o and
>> src/env/video/vesabios_pm.o cause this.
>
> There were actually a few other files too, namely the 16bit bios.o and
> vesabios.o files; those were not found by the tool you referred to.
> Not surprisingly, because they were linked in a strange way.
>
> It's been corrected in SVN changes 1622 and 1623.
>
> Thanks,
> Bart

Thank you. It is an easy thing to fix, and it makes it considerably more
difficult for a cracker to develop an exploit.
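The thread above turns on two facts about GNU toolchains: the linker marks the output's stack executable (PT_GNU_STACK with PF_X, shown as "GNU_STACK RWE" by readelf -l) if any input object lacks a .note.GNU-stack section, and assembled .o files do not get that section unless the assembler is told to emit it. The following is an added example for this page, not dosemu code and not the tool mentioned in the thread: a small ELF parser that performs both checks, on linked binaries and on relocatable objects, so the unmarked objects can be found before the link. The ELF images it checks when run without arguments are constructed in the script itself; field layouts follow the ELF32/ELF64 little-endian specification, and an absent PT_GNU_STACK is treated conservatively as executable.

```python
"""Find executable-stack ELF files: a linked file whose PT_GNU_STACK carries
PF_X, or a relocatable object missing the .note.GNU-stack marker that GNU ld
needs to keep the stack non-executable.  Added example; sample images below
are constructed here, not taken from dosemu or any real binary."""
import struct
import sys

PT_GNU_STACK = 0x6474E551        # p_type of the GNU stack marker segment
PF_X, PF_W, PF_R = 1, 2, 4       # ELF segment permission bits
ET_REL, ET_EXEC = 1, 2
STACK_NOTE = ".note.GNU-stack"

def _elf_header(data):
    """Parse a little-endian ELF32/ELF64 header into a dict of e_* fields."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    cls, enc = data[4], data[5]
    if enc != 1:
        raise ValueError("only little-endian ELF is handled here")
    fmt = {1: "<HHIIIIIHHHHHH", 2: "<HHIQQQIHHHHHH"}.get(cls)
    if fmt is None:
        raise ValueError("bad ELF class")
    keys = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
            "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
            "e_shnum", "e_shstrndx")
    hdr = dict(zip(keys, struct.unpack_from(fmt, data, 16)))
    hdr["cls"] = cls
    return hdr

def gnu_stack_flags(data):
    """p_flags of the PT_GNU_STACK segment, or None if the file has none
    (the same information readelf -l prints on its GNU_STACK line)."""
    h = _elf_header(data)
    for i in range(h["e_phnum"]):
        off = h["e_phoff"] + i * h["e_phentsize"]
        if h["cls"] == 2:
            p_type, p_flags = struct.unpack_from("<II", data, off)
        else:                            # ELF32 stores p_flags after the sizes
            p_type = struct.unpack_from("<I", data, off)[0]
            p_flags = struct.unpack_from("<I", data, off + 24)[0]
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_is_executable(data):
    """True if the linked file requests an executable stack; a missing
    PT_GNU_STACK is treated conservatively as executable."""
    flags = gnu_stack_flags(data)
    return flags is None or bool(flags & PF_X)

def section_names(data):
    """All section names of an ELF file, in section-header order."""
    h = _elf_header(data)
    if h["e_shnum"] == 0:
        return []
    def shdr(i):
        fmt = "<IIQQQQ" if h["cls"] == 2 else "<IIIIII"
        sh_name, _t, _f, _a, sh_off, sh_size = struct.unpack_from(
            fmt, data, h["e_shoff"] + i * h["e_shentsize"])
        return sh_name, sh_off, sh_size
    _, stroff, strsize = shdr(h["e_shstrndx"])        # section-name string table
    strtab = data[stroff:stroff + strsize]
    return [strtab[n:strtab.index(b"\0", n)].decode()
            for n, _, _ in (shdr(i) for i in range(h["e_shnum"]))]

def object_marks_stack(data):
    """True if a relocatable object carries .note.GNU-stack.  One input object
    without it is enough for GNU ld to link an RWX stack into the output."""
    return STACK_NOTE in section_names(data)

_IDENT64 = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, v1

def build_exec(stack_flags):
    """Constructed sample: minimal ELF64 executable with one PT_GNU_STACK."""
    ehdr = struct.pack("<HHIQQQIHHHHHH", ET_EXEC, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0)
    return _IDENT64 + ehdr + phdr

def build_object(with_note):
    """Constructed sample: minimal ELF64 .o with .text, optionally
    .note.GNU-stack, and the .shstrtab section-name table."""
    names = [".text"] + ([STACK_NOTE] if with_note else []) + [".shstrtab"]
    strtab, offs = b"\0", []
    for n in names:
        offs.append(len(strtab))
        strtab += n.encode() + b"\0"
    shnum, shoff = len(names) + 1, 64
    stroff = shoff + shnum * 64                 # string table follows the headers
    ehdr = struct.pack("<HHIQQQIHHHHHH", ET_REL, 0x3E, 1, 0, 0, shoff, 0, 64, 0, 0, 64, shnum, shnum - 1)
    shdrs = bytes(64)                           # index 0 is SHN_UNDEF
    for name_off, n in zip(offs, names):
        s = n == ".shstrtab"                    # SHT_STRTAB=3, SHT_PROGBITS=1
        shdrs += struct.pack("<IIQQQQIIQQ", name_off, 3 if s else 1, 0, 0,
                             stroff if s else 0, len(strtab) if s else 0, 0, 0, 0, 0)
    return _IDENT64 + ehdr + shdrs + strtab

def report(label, data):
    """One line per file: GNU_STACK permissions for linked files, marker
    presence for relocatable objects."""
    if _elf_header(data)["e_type"] == ET_REL:
        return f"{label}: {'has' if object_marks_stack(data) else 'MISSING'} {STACK_NOTE}"
    f = gnu_stack_flags(data)
    perm = "absent" if f is None else "".join(
        c if f & b else "-" for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)))
    warn = "  <-- executable stack" if stack_is_executable(data) else ""
    return f"{label}: GNU_STACK {perm}{warn}"

if __name__ == "__main__":
    # Real use: python3 check_stack.py ./dosemu src/env/video/*.o
    # With no arguments, the constructed samples are checked instead.
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            with open(p, "rb") as fh:
                print(report(p, fh.read()))
    else:
        print(report("rwx-stack-binary", build_exec(PF_R | PF_W | PF_X)))
        print(report("rw-stack-binary", build_exec(PF_R | PF_W)))
        print(report("marked.o", build_object(True)))
        print(report("unmarked.o", build_object(False)))
```

Running it over every object in a build tree is the per-file check that catches the objects named in the thread: a relocatable object reported as MISSING is one that will force the final link to RWE. The usual fix on the assembler side is to emit an empty .note.GNU-stack section from the .S file (or pass the equivalent option to the assembler), after which readelf -l on the linked binary should show GNU_STACK RW.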