Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: typo () INFERNO TUSCULUM EDU
Date: Thu, 7 Sep 2000 21:49:19 +0200
On Thu, Sep 07, 2000 at 09:48:37AM +0200, Bluefish (P.Magnusson) wrote:
> Which receives Bluefish's official price for stuff really annoying 'feature'... So I really would like to see a grepprintf script to combat these evil \n in sources :)
This one was mentioned on bugtraq a while ago: http://www.striker.ottawa.on.ca/~aland/pscan/ (PScan: A limited problem scanner for C source files). Also there is my egcs patch to automatically scan for format style bugs while compiling: http://inferno.tusculum.edu/~typo/tesogcc.tgz (also mentioned on bugtraq).

Regarding the flames to my mail (removing %n from the glibc): I was a bit annoyed by people presenting very simple/basic solutions as 'research' just because they have a degree, and I'm always impressed by the impact the name you give something has on its acceptance.. nonetheless I apologize for my initial flame. I agree that the "solution"(?) I presented is far from being perfect, as programs may and will break. But deep inside me I feel that I prefer programs to syslog() and then _exit(-1) when they use a dangerous but not necessary feature instead of giving attackers access to my system. IMHO things should break when they're broken by design.. luckily this design flaw (using %n) can easily be worked around at the source code level.

Regarding those people that have asked me whether I have removed/replaced %s too, I'm not sure if this question was a serious one or just ironical to show me the stupidity of breaking standards. In either case the answer is that I have a lot less fear of people reading the memory contents of my (e.g.) httpd than of them being able to modify memory and thus, possibly, arbitrarily altering execution flow. Are there non-passive (!memory peeking) vulnerabilities related to vfprintf() that I've not heard about yet? If so I'd be very interested in reading more about them.

Regards,
typo

PS: despite the .edu, English isn't my native tongue.. please don't flame me (again) for my writing style.
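The distinction typo draws above, between %s as a passive read of memory and %n as a write that can redirect execution, and the "reject %n instead of executing it" approach, can be shown in a few lines of C. The following is an added example written for this archive page; it is not typo's glibc patch, nor the egcs scanner, nor code from the thread. The function names (count_n_conversions, guarded_snprintf, format_user_directly, format_user_as_arg, n_writes_count) and the sample attacker string are assumptions constructed for the demonstration, and the guard returns -1 where typo's patch would syslog() and _exit().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Scan a printf-style format string and return how many %n conversions it
 * contains.  "%%" is a literal percent and is skipped; flags, field width,
 * precision, positional "$" arguments and length modifiers are stepped over
 * so that "%hhn", "%10$n" and "%08x%n" are all caught. */
int count_n_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')              /* "%%": literal percent sign */
            continue;
        /* flags, width, precision, positional index and length modifiers */
        while (*p && strchr("-+ #0123456789.$*hlLqjzt", *p))
            p++;
        if (*p == '\0')             /* dangling '%' at end of string */
            break;
        if (*p == 'n')
            n++;
    }
    return n;
}

/* Assumed wrapper: refuses to execute any format containing %n.  typo's
 * patch makes glibc syslog() and _exit(-1) at this point; here we return -1
 * so the behaviour can be checked.  Note this only blocks the write
 * primitive; a user-supplied format without %n still reads the stack via
 * %x/%s, which is exactly the "passive" case the mail is willing to accept. */
int guarded_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    if (count_n_conversions(fmt) > 0) {
        if (size)
            dst[0] = '\0';
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return r;
}

/* The bug pattern the scanners look for: attacker data IS the format. */
int format_user_directly(const char *user)
{
    char buf[64];
    return guarded_snprintf(buf, sizeof buf, user);
}

/* The correct pattern: attacker data is an argument to a fixed format. */
int format_user_as_arg(const char *user)
{
    char buf[64];
    return guarded_snprintf(buf, sizeof buf, "%s", user);
}

/* What %n actually does: it stores the number of bytes emitted so far into
 * the int its argument points to.  With a controlled format and a controlled
 * pointer on the stack, that store lands wherever the attacker chooses. */
int n_writes_count(void)
{
    int written = -1;
    char buf[32];
    snprintf(buf, sizeof buf, "abcdef%n", &written);
    return written;                 /* 6 */
}

int main(void)
{
    /* constructed sample of a classic format-string payload */
    const char *attacker = "AAAA%08x%n";

    printf("%%n conversions in payload: %d\n", count_n_conversions(attacker));
    printf("user data as format      : %d\n", format_user_directly(attacker));
    printf("user data as argument    : %d\n", format_user_as_arg(attacker));
    printf("bytes stored by %%n       : %d\n", n_writes_count());
    return 0;
}
```

The scanner deliberately counts conversions rather than searching for the two characters "%n", since "%%n" is harmless text and "%hhn" or "%3$n" are the forms real payloads use to write single bytes or pick a stack slot.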
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 08)
- Re: stackguard-like embedded protection antirez (Sep 08)
- Message not available
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 08)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 07)
- Re: stackguard-like embedded protection typo (Sep 07)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 08)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 16)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 16)