Dailydave mailing list archives

Re: Dangling pointers exploitation


From: pageexec () freemail hu
Date: Wed, 25 Jul 2007 21:29:43 +0200

On 25 Jul 2007 at 14:03, Thomas Ptacek wrote:

> I'm not sure "saved return address on the stack" is the real vector
> for uninitialized variables.

it is not, nor were you talking about uninitialized variables per se,
but this entirely 'new' class of bugs of wild pointers, which according
to you means:

> you have a pointer whose value seems unpredictable but is
> in fact strongly influenced by the execution environment which is in
> turn often influenced by inputs and timing.

you tell me why an overwritten return address doesn't qualify ;).

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

