Bugtraq mailing list archives

Re: modifing libc to discover gets()/sprintf() calls

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 30 Jan 1997 21:28:55 +0000

The only big problem I is that any difference between the libc.a and
the running libc.so shared library would become painfully obvious
after creating and installing the new shared library with the
printf modifications.


Well one other approach would be to use some kind of ELF extension to
mark a symbol of type 'text, insecure'. Then the linker would link the binary
and report

fooprog: symbol _gets is insecure
fooprog: symbol _sprintf is insecure

Alan

Current thread:

modifing libc to discover gets()/sprintf() calls Chris Sheldon (Jan 29)
- Re: modifing libc to discover gets()/sprintf() calls Julian Assange (Jan 30)
- Re: modifing libc to discover gets()/sprintf() calls Alan Cox (Jan 30)