Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Juliano Rizzo <jrz () MAIL RU>
Date: Wed, 6 Sep 2000 13:38:29 -0300
Date sent: Tue, 5 Sep 2000 17:09:20 +0200 Send reply to: typo () INFERNO TUSCULUM EDU From: typo () INFERNO TUSCULUM EDU Subject: Re: stackguard-like embedded protection Originally to: "Bluefish (P.Magnusson)" <11a () GMX NET> To: VULN-DEV () SECURITYFOCUS COM [..]
where's the need for research? i've made glibc rpms without %n the day the first format bugs went to bugtraq, and had them installed on all of my [linux] machines since then...
You didn't fix the whole problem in that way. Did you patch the glibc's printf internal overflows? Did you delete de %s functionality too? how do you protect from exploiting format strings to read data from memory? Doesn't any program use the %n or %hn? That could be an "emergency fix", not a real solution.
does every stupid idea have to be marketed as 'research' nowadays?
-- Juliano Rizzo <juliano () core-sdi com> http://www.core-sdi.com julianor.tripod.com
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection antirez (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection typo (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection Benjamin Karas (Sep 05)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection Juliano Rizzo (Sep 06)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection H D Moore (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Slawek (Sep 07)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection antirez (Sep 08)
- Message not available
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 12)