Full Disclosure mailing list archives

glibc pedant


From: silvio () big net au (silvio () big net au)
Date: Sun, 15 Sep 2002 04:15:19 -0700

glibc 2.1.3

/* Initialization routine. */
#if defined(_LIBC)
#if 0
static void ptmalloc_init __MALLOC_P ((void)) __attribute__ ((constructor));
#endif

[ skip ]

 if(__malloc_initialized >= 0) return;
  __malloc_initialized = 0;


<sarcasm>
hmm..  well, notice that there is no synchronization for this - experts
call that a race condition.
</sarcasm>

<serious>
the constructor part is interesting.. since it would have been forcibly
serialized (assuming ctors are serialized).

exploitable.. I doubt it, but someone can try I guess.

known.. but it's mainly pedantic I guess.
</serious>

<pedant>
I might start a pedantic security mailing list one day possibly.. Have to
think about it first, document it, and then think about it some more
again.  Hmm.. wait, that's not the best approach to take for this particular
issue *ponder*.
</pedant>

--
Silvio
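[Added example, not part of Silvio's post or of glibc. It models the check-then-set guard quoted above and shows why it is a race: two threads can both read the flag before either writes 0, so the one-time body runs twice. The second half shows the smallest fix, replacing the separate check and store with a single compare-and-swap. The names (racy_*, safe_*), the -1/0/1 state values and the fixed step-by-step interleaving are assumptions made so the outcome is deterministic; the real ptmalloc_init has other state not modelled here.]

```c
#include <stdatomic.h>

/* Hypothetical model of the ptmalloc_init guard quoted in the post.
 * State values are an assumption modelled on the quoted check:
 *   -1 = not started, 0 = initialization in progress, 1 = done.
 * Each "thread" is driven one step at a time so the interleaving is fixed. */

/* --- Unsynchronized guard, as in the quoted snippet --- */
static int racy_state = -1;
static int racy_body_runs = 0;           /* how often the init body ran */

/* Step 1 for one thread: the plain read in "if (x >= 0) return;". */
static int racy_check_passes(void) { return racy_state < 0; }

/* Step 2 for one thread: "x = 0;", the one-time body, then "x = 1;". */
static void racy_claim_and_init(void) {
    racy_state = 0;
    racy_body_runs++;
    racy_state = 1;
}

/* Two threads both read -1 before either writes 0: the body runs twice. */
int racy_interleaving_runs(void) {
    racy_state = -1;
    racy_body_runs = 0;
    int a_passes = racy_check_passes();  /* thread A reads -1 */
    int b_passes = racy_check_passes();  /* thread B also reads -1 */
    if (a_passes) racy_claim_and_init();
    if (b_passes) racy_claim_and_init();
    return racy_body_runs;               /* 2: the check-then-set race is lost */
}

/* --- Guard that claims the slot atomically --- */
static atomic_int safe_state = -1;
static atomic_int safe_body_runs = 0;

/* Returns 1 if the caller won the right to run the body, 0 otherwise.
 * The compare-and-swap makes the check and the store of 0 one step. */
static int safe_try_claim(void) {
    int expected = -1;
    return atomic_compare_exchange_strong(&safe_state, &expected, 0);
}

static void safe_run_body(void) {
    atomic_fetch_add(&safe_body_runs, 1);
    atomic_store(&safe_state, 1);        /* publish "done" to the losers */
}

/* Losers must not touch half-initialized state: they wait for "done". */
static int safe_is_done(void) { return atomic_load(&safe_state) == 1; }

/* Same interleaving: A and B both try to claim; only one CAS succeeds. */
int safe_interleaving_runs(void) {
    atomic_store(&safe_state, -1);
    atomic_store(&safe_body_runs, 0);
    int a_won = safe_try_claim();        /* -1 -> 0, succeeds */
    int b_won = safe_try_claim();        /* sees 0, fails */
    if (a_won) safe_run_body();
    if (b_won) safe_run_body();          /* never taken */
    return safe_is_done() ? atomic_load(&safe_body_runs) : -1;  /* 1 */
}
```

The CAS version is the minimal change that closes the window; in practice a pthread_once or a mutex around the whole initializer is the usual way to write this, and also gives the losing thread something to block on instead of a spin on the state word. Note that the fix only covers the flag itself: anything the body initializes still has to be published before the store of 1, which the release semantics of atomic_store provide here.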


