Quote: Original post by doynax
Quote: Original post by Winograd
Is the new process and its data and bss sections allocated to the same pages as the old process? I mean that if the old process had written something to address x and the new process has not overwritten it yet, then can it be recovered by the new process? This is probably highly dependent on the implementation of the exec family of functions (and/or the kernel)... but let's say we are on GNU/Linux 2.6, and we have a sufficiently new glibc (>=2.3).
No, you normally don't get to keep the memory contents. However, you can flag a memory area as inheritable when allocating it (specify MAP_INHERIT to mmap() calls).
OK, although GNU libc does not document such a flag (MAP_INHERIT).
So basically, I could write some shellcode (referring to the buffer overflow thread) into an inheritable page, set all the permissions I want on that page, then use exec to replace my exploitation process with the vulnerable process, overflow the stack and point the return address to the inherited page where my shellcode is located. Correct?
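The check this thread is circling around, as an added example that is not part of any post here: a C program that maps an anonymous RWX page, fills it with marker bytes, and then asks the image that replaces it after execve() (here /bin/cat listing its own /proc/self/maps) whether the page is still mapped. Linux mmap(2) defines no MAP_INHERIT flag and execve(2) tears down the whole old address space, so the post-exec probe reports 0 while the pre-exec probe reports 1. The hint address, the choice of cat as the replacement image and the 0xcc filler are this example's own assumptions, not anything taken from the thread.

```c
// Added example (not from the thread): does an anonymous mapping made before
// execve() survive into the image that replaces the process? Linux only.
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parse /proc/<pid>/maps text ("start-end perms ...") and report whether
 * addr lies inside any listed mapping. */
int addr_in_maps(const char *maps, uintptr_t addr)
{
    const char *line = maps;
    while (line && *line) {
        unsigned long start, end;
        if (sscanf(line, "%lx-%lx", &start, &end) == 2 &&
            addr >= start && addr < end)
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Read everything from fd into a malloc'd, NUL-terminated buffer. */
static char *slurp(int fd)
{
    size_t cap = 65536, len = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        if (len + 4096 > cap) {
            char *n = realloc(buf, cap * 2);
            if (!n) { free(buf); return NULL; }
            buf = n; cap *= 2;
        }
        ssize_t r = read(fd, buf + len, cap - len - 1);
        if (r < 0) { free(buf); return NULL; }
        if (r == 0) break;
        len += (size_t)r;
    }
    buf[len] = '\0';
    return buf;
}

/* Is addr mapped in the calling process right now? (1/0, -1 on error) */
int mapped_here(uintptr_t addr)
{
    int fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0) return -1;
    char *maps = slurp(fd);
    close(fd);
    if (!maps) return -1;
    int r = addr_in_maps(maps, addr);
    free(maps);
    return r;
}

/* Fork, replace the child with "cat /proc/self/maps" (so the listing belongs
 * to the post-exec image), and report whether addr is still mapped there. */
int mapped_after_exec(uintptr_t addr)
{
    int p[2];
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(p[1], STDOUT_FILENO);
        close(p[0]); close(p[1]);
        execl("/bin/cat", "cat", "/proc/self/maps", (char *)NULL); /* assumed present */
        _exit(127);
    }
    close(p[1]);
    char *maps = slurp(p[0]);
    close(p[0]);
    int status;
    waitpid(pid, &status, 0);
    if (!maps || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { free(maps); return -1; }
    int r = addr_in_maps(maps, addr);
    free(maps);
    return r;
}

/* Allocate a page the way the post imagines (anonymous, RWX), plant marker
 * bytes, and return its address (0 on failure). The hint keeps the page away
 * from where a replacement image's own libraries normally land; it is only a
 * hint, so the kernel may choose another address. */
uintptr_t plant_page(void)
{
    void *page = mmap((void *)0x600000000000UL, 4096,
                      PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 0;
    memset(page, 0xcc, 4096);   /* int3 filler stands in for "shellcode" */
    return (uintptr_t)page;
}

int main(void)
{
    uintptr_t addr = plant_page();
    if (!addr) return 1;
    printf("page at %#lx mapped in this process:       %d\n", (unsigned long)addr, mapped_here(addr));
    printf("page at %#lx mapped in image after execve: %d\n", (unsigned long)addr, mapped_after_exec(addr));
    return 0;
}
```

Run it on any Linux box with /proc mounted; the first line prints 1 and the second 0 regardless of the permissions set on the page, which is the practical answer to the question above.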