andi- has quit [Remote host closed the connection]
andi- has joined #spectrum
<MichaelRaskin>
pie_: to be able to do that without knowing the clone syscall ID, you need to have some script execution injection. Generating the process content might be less trivial if no script interpreter is at a known path. (Yes, this needs replacing /bin/sh location in system() in glibc)
<MichaelRaskin>
(just in case, I do have a secondary IRC client living on VPS in this room so I will see the reply after I close the main one)
MichaelRaskin has quit [Quit: MichaelRaskin]
l33 has joined #spectrum
l33 has quit [Remote host closed the connection]
l33 has joined #spectrum
ehmry has quit [Ping timeout: 268 seconds]
ehmry has joined #spectrum
<qyliss>
I've never thought about permuting syscalls, but that's a really neat idea
<pie_>
also sounds relatively obscure so it might be good for googling for good stuff >:D
ehmry- has joined #spectrum
ehmry has left #spectrum [#spectrum]
ehmry- is now known as ehmry
ehmry_ has joined #spectrum
ehmry_ has quit [Client Quit]
l33 has quit [Remote host closed the connection]
<IdleBot_bf4161f7>
I tried searching… and I am not sure I find anything. Maybe it is an idea with such a ratio of obviousness to build toolchain pain that nobody ever writes it down
MichaelRaskin has joined #spectrum
<MichaelRaskin>
For complete madness, we can learn from the great accidental-display protection technology called EBCDIC, and build the script interpreters with permuted Unicode codepoints…
<qyliss>
lmao
<MichaelRaskin>
One is welcome to exploit remote code execution flaws, but please rest informed that all normal syscall numbers and all normal script texts just crash immediately
<MichaelRaskin>
(of course, one could consider just crashing the entire VM for a good measure, and having a dozen with different permutations, just to make things less boring)