Dailydave mailing list archives

Re: Dangling pointers exploitation

From: "Tyler Krpata" <krpatasec () gmail com>
Date: Wed, 25 Jul 2007 18:11:03 -0400

Keeping in mind that "uninitialized" and "previously valid" have some
important differences.

On 7/25/07, Thomas Ptacek <tqbf () matasano com> wrote:

I'm not sure "saved return address on the stack" is the real vector
for uninitialized variables.

On 7/25/07, pageexec () freemail hu <pageexec () freemail hu> wrote:

On 25 Jul 2007 at 12:02, Thomas Ptacek wrote:

you have a pointer who's value seems unpredictable but is
in fact strongly influenced by the execution environment which is in
turn often influenced by inputs and timing.


such as... a saved return address on the stack? isn't that kinda old
news these days? ;-)



--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Dangling pointers exploitation, (continued)
- - - Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
    - Re: Dangling pointers exploitation jf (Jul 25)
    - Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
    - Re: Dangling pointers exploitation jf (Jul 25)
    - Re: Dangling pointers exploitation Pusscat (Jul 25)
    - Re: Dangling pointers exploitation Chris Rohlf (Jul 25)
    - Re: Dangling pointers exploitation Matt (Jul 25)
    - Re: Dangling pointers exploitation pageexec (Jul 25)
    - Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
    - Re: Dangling pointers exploitation pageexec (Jul 25)
    - Re: Dangling pointers exploitation Tyler Krpata (Jul 25)
- Re: Dangling pointers exploitation Alexander Sotirov (Jul 25)