Vulnerability Development mailing list archives
Re: Future of buffer overflows ?
From: David Wagner <daw () MOZART CS BERKELEY EDU>
Date: Wed, 8 Nov 2000 21:30:42 GMT
Bluefish (P.Magnusson) wrote:
You might want to think about how dynamic linking fits into this world. (Hint: I think anytime you have dynamic linking, non-exec permissions can be bypassed.)No, you're wrong. Perhaps todays implementations require it, but it is *not* a fundamental requirement for dynamic linking. Basicly you'd write the page/segment and then set it none-writeable.
Of course, you can't set it non-writeable until after you've linked in the dynamic library, so you're assuming that the app is not compromised until all dynamic libraries have been linked in. But I take your point. In practice, this seems like the common case.
Current thread:
- Re: Future of buffer overflows ? Thomas Dullien (Nov 03)
- Re: Future of buffer overflows ? Crispin Cowan (Nov 04)
- Re: Future of buffer overflows ? Michael H. Warfield (Nov 05)
- Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 06)
- Re: Future of buffer overflows ? Granquist, Lamont (Nov 06)
- <Possible follow-ups>
- Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 05)
- Re: Future of buffer overflows ? Thomas Dullien (Nov 05)
- Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 09)
- Re: Future of buffer overflows ? David Wagner (Nov 10)