Vulnerability Development mailing list archives

Re: Future of buffer overflows ?

From: David Wagner <daw () MOZART CS BERKELEY EDU>
Date: Wed, 8 Nov 2000 21:30:42 GMT

Bluefish (P.Magnusson) wrote:

You might want to think about how dynamic linking fits into this world.
(Hint: I think anytime you have dynamic linking, non-exec permissions
can be bypassed.)


No, you're wrong. Perhaps todays implementations require it, but it is
*not* a fundamental requirement for dynamic linking. Basicly you'd write
the page/segment and then set it none-writeable.


Of course, you can't set it non-writeable until after you've linked in
the dynamic library, so you're assuming that the app is not compromised
until all dynamic libraries have been linked in.

But I take your point.  In practice, this seems like the common case.

Current thread:

Re: Future of buffer overflows ? Thomas Dullien (Nov 03)
- Re: Future of buffer overflows ? Crispin Cowan (Nov 04)
- Re: Future of buffer overflows ? Michael H. Warfield (Nov 05)
  - Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 06)
- Re: Future of buffer overflows ? Granquist, Lamont (Nov 06)
- <Possible follow-ups>
- Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 05)
- Re: Future of buffer overflows ? Thomas Dullien (Nov 05)
- Re: Future of buffer overflows ? Bluefish (P.Magnusson) (Nov 09)
  - Re: Future of buffer overflows ? David Wagner (Nov 10)