Dailydave mailing list archives
Re: Dangling pointers exploitation
From: pageexec () freemail hu
Date: Wed, 25 Jul 2007 21:29:43 +0200
On 25 Jul 2007 at 14:03, Thomas Ptacek wrote:
> I'm not sure "saved return address on the stack" is the real vector for uninitialized variables.
it is not, nor were you talking about uninitialized variables per se, but this entirely 'new' class of bugs of wild pointers, which according to you means:
> you have a pointer whose value seems unpredictable but is in fact strongly influenced by the execution environment which is in turn often influenced by inputs and timing.
you tell me why an overwritten return address doesn't qualify ;).