Ankur,

I've experienced even more random crashes (SEGV). It turned out to be bad memory (or bus), and it only showed up under pretty heavy load. :(
> This is a little OT, but just out of curiosity, has anybody been successful in gaining root/tomcat/whatever-uid shell by capitalizing on a JVM's (not necessarily tomcat's) core dump? I've always wondered if that was possible. I know it's extremely hard (impossible?) to "consistently" overflow JVM's stack, but has it ever been done?

I've never heard of anything like this before.

However, Java's "stack" is not what gets overflowed here. If the JVM goes down, it's the JVM code that faults, not the Java code itself. Java's stack and heap are pretty far away from anything that's executing.

Generally, stack or buffer overflow bugs are exploited because someone corrupted the stack and not only inserted some malicious code, but also modified the return pointer to call that code. In Java (without native code, at least), I don't think you could intentionally do anything like this. I suppose if you had an evil app connect to a JVM using something like JVMPI, you might be able to do something like this. However, you usually don't have the profiling hooks turned on in production ;)

-chris
