Dailydave mailing list archives
Re: Dangling pointers exploitation
From: jf <jf () danglingpointers net>
Date: Thu, 26 Jul 2007 00:51:22 +0000 (UTC)
Didnt halvar already talk about unitialized automatic/local variables? and how is a use-after-free condition any different than a double free (other than you get to skip the second free)? On Wed, 25 Jul 2007, Thomas Ptacek wrote:
Date: Wed, 25 Jul 2007 12:02:32 -0500 From: Thomas Ptacek <tqbf () matasano com> To: jf <jf () danglingpointers net> Cc: ergosum () neurosecurity com, dailydave () lists immunitysec com Subject: Re: [Dailydave] Dangling pointers exploitation Unitialized automatic variables and use-after-free variables seem of-a-kind: you have a pointer who's value seems unpredictable but is in fact strongly influenced by the execution environment which is in turn often influenced by inputs and timing. On 7/25/07, jf <jf () danglingpointers net> wrote:Let me just qualify that I was talking about the whole class of wild-pointer bugs.how would it be any different than ptr+overflowed_offset/array[negative_index]/et cetera bugs? perhaps the guys found a new way of reliably exploiting a very specific form of dangling pointer bugs, but i dont see how it could possibly qualify as being a new class of vulns, nor can i think of anyone who has ever said a dangling pointer was a QA issue and not a security issue
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Dangling pointers exploitation ergosum (Jul 24)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Pusscat (Jul 25)
- Re: Dangling pointers exploitation Chris Rohlf (Jul 25)
- Re: Dangling pointers exploitation Matt (Jul 25)
- Re: Dangling pointers exploitation pageexec (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation pageexec (Jul 25)
- Re: Dangling pointers exploitation Tyler Krpata (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)