Bugtraq mailing list archives
Re: [ANNOUNCE] glibc heap protection patch
From: Stefan Esser <se () nopiracy de>
Date: Thu, 04 Dec 2003 12:10:05 +0100
xenophi1e wrote:
> This question seems more complex than 'Feel free to demonstrate me an unlink exploit that works while my unlink macro is in place'. But I have to admit my own ignorance here, I can't say for certain whether an attacker who passes the test in your macro is left in a situation where an exploit is possible.
Fact is my macro makes arbitrary pointer overwrites with unlink() impossible. The magic value approach just makes it harder. You need to guess a 32-bit value. Even if this is totally random it is theoretically possible to exploit the unlink() macro in that case. And do not forget the power of information leak exploits.
Just an example: The GameCube was hacked by an information leak exploit. A CRC feature of the Phantasy Star Online game allows one to request checksums of arbitrary memory positions (and sizes). So it was possible for the smart guy who did it to create a complete memory dump from remote. In that case your magic values are worthless...
Stefan Esser
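The contrast argued in the message above, as an added example that is not code from the post or from either patch: a magic-value test accepts a corrupted chunk once the secret is known, while a pointer-consistency test does not depend on any secret. The struct layout, function names and constants are hypothetical, and the consistency test (`fd->bk == p && bk->fd == p`) is an assumption about what the macro checks, since the message does not spell it out.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified free-list node; `magic` models the per-chunk secret value. */
struct chunk { uint32_t magic; struct chunk *fd, *bk; };

/* Magic-value variant: unlink proceeds whenever the stored value matches. */
static int unlink_magic(struct chunk *p, uint32_t secret)
{
    if (p->magic != secret)
        return -1;                      /* corruption detected */
    p->fd->bk = p->bk;
    p->bk->fd = p->fd;
    return 0;
}

/* Consistency variant (assumed check): both neighbours must point back at p. */
static int unlink_checked(struct chunk *p)
{
    if (p->fd->bk != p || p->bk->fd != p)
        return -1;                      /* links no longer form a valid list */
    p->fd->bk = p->bk;
    p->bk->fd = p->fd;
    return 0;
}

/* Constructed scenario: p's links are overwritten to point at two unrelated
 * objects x and y. secret_known != 0 models a secret disclosed by an
 * information leak. Returns 1 if x or y was modified, 0 if unlink refused. */
static int victim_modified(int use_checked, int secret_known)
{
    const uint32_t secret = 0x5eed1234u;            /* constructed value */
    struct chunk a = {secret, NULL, NULL}, b = {secret, NULL, NULL};
    struct chunk p = {secret, &b, &a};              /* valid list: a <-> p <-> b */
    struct chunk x = {0, NULL, NULL}, y = {0, NULL, NULL};
    a.fd = &p; b.bk = &p;

    /* Simulated overflow into p: links replaced, magic right or guessed wrong. */
    p.magic = secret_known ? secret : 0x41414141u;
    p.fd = &x; p.bk = &y;

    if (use_checked) unlink_checked(&p); else unlink_magic(&p, secret);
    return x.bk != NULL || y.fd != NULL;
}

int main(void)
{
    printf("magic: %d %d  checked: %d %d\n", victim_modified(0, 0),
           victim_modified(0, 1), victim_modified(1, 0), victim_modified(1, 1));
    return 0;
}
```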