Exploiting with linux-gate.so.1


0xf001
April 20th, 2006, 15:53
heya,

have a look at this paper:

http://www.milw0rm.com/papers/55

it tells some nice way how to use linux-gate

regards, 0xf001

andrewg
May 23rd, 2006, 02:29
hehe, that method is a bit out of date on later fedora core releases, as they randomise linux-gate.so.1 now (random mmap() base along with random library loading), and apparently fc5 has ssp enabled as well.. haven't looked too much @ fc5 yet, however.

Oh, and a plug for another project of mine: http://blacksun.labs.pulltheplug.org.

To copy and paste from the website:

"""
blacksun is a PullThePlug wargame that is meant to help people learn more advanced exploitation techniques against hardened hosts and environments.

It is implemented by PaX patches, and the Hardened Gentoo project.
"""

I need to get back to this and write some more levels / do some more stuff on it.
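
Whether linux-gate.so.1 is randomised on a given host, as andrewg describes above, can be checked by comparing its base across process launches (it appears as `[vdso]` in `/proc/<pid>/maps`). This is an added example, not part of the original thread; the function names are illustrative and the sample maps lines are constructed.

```python
import re
import subprocess
import sys

# Constructed /proc/<pid>/maps excerpts, one per process launch (not real captures).
SAMPLE_FIXED = [
    "08048000-08049000 r-xp 00000000 03:01 1234       /bin/cat\n"
    "ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]\n",
] * 3
SAMPLE_RANDOM = [
    "08048000-08049000 r-xp 00000000 03:01 1234       /bin/cat\n"
    f"{base:08x}-{base + 0x1000:08x} r-xp 00000000 00:00 0          [vdso]\n"
    for base in (0x00B7E000, 0x00271000, 0x00F4A000)
]

# Field layout: start-end perms offset dev inode [vdso]
VDSO_LINE = re.compile(
    r"^([0-9a-f]+)-[0-9a-f]+\s+\S+\s+\S+\s+\S+\s+\S+\s+\[vdso\]\s*$", re.M)

def vdso_base(maps_text):
    """Return the start address of the [vdso] mapping, or None if absent."""
    m = VDSO_LINE.search(maps_text)
    return int(m.group(1), 16) if m else None

def classify(maps_samples):
    """Compare the vDSO base across launches: 'fixed', 'randomised' or 'no-vdso'."""
    bases = [vdso_base(text) for text in maps_samples]
    if not bases or any(b is None for b in bases):
        return "no-vdso"
    # Identical bases in every sample mean the mapping sits at a predictable
    # address; take enough samples that a match is not down to chance.
    return "randomised" if len(set(bases)) > 1 else "fixed"

def sample_live(runs=8):
    """Launch `runs` short-lived children and collect each one's own maps."""
    child = "import sys; sys.stdout.write(open('/proc/self/maps').read())"
    return [subprocess.run([sys.executable, "-c", child], capture_output=True,
                           text=True, check=True).stdout for _ in range(runs)]

if __name__ == "__main__":
    print("constructed, fixed base :", classify(SAMPLE_FIXED))
    print("constructed, random base:", classify(SAMPLE_RANDOM))
    try:
        print("this host               :", classify(sample_live()))
    except (OSError, subprocess.CalledProcessError) as exc:
        print("could not sample /proc/self/maps:", exc)
```

A "fixed" result on a production host is a hardening finding worth following up alongside the system's other ASLR settings.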

0xf001
May 31st, 2006, 12:52
hi andrewg,

i have some deb boxes to play with it - and it's a nice exercise

fedora does good work on security enhancements, i've realised that, although i never "liked" red hat (for almost no real reason), and I don't like out of the box kernels as well (for the same reason haha).

blacksun .... since i never can play with catalyst .... , that sounds like a good project to me, and quite a challenge reading about the security enhancements.

keep us informed!

regards,

0xf001