Vulnerability Development mailing list archives
Re: static char overflow
From: Shaun Clowes <shaun () securereality com au>
Date: Sat, 04 May 2002 17:24:40 +1000
This has to be the case, since .dtors is always initialized. Initialized data cannot be put after the end of p_filesz within that segment. Mhh... if one is very odd he can construct a valid ELF file with three segments that has the .dtors section after the .bss section in memory, but no linker will do that on its own ;)
Incidentally this is one of the worst and best features of ELF, the specification is very flexible and valid ELF files can be constructed in all sorts of ways but the ELF loaders usually only cater for the simplest. While an executable could easily be created with any number of 'bss' sections at the end of segments it wouldn't actually work on some operating systems; in particular the Linux ELF loader (in all the versions I've seen) allows only one bss, which must be at the end of the address space mapped in the segments. If you create a segment following a segment with a bss on the end, the bss space is not actually allocated and accesses on it will segfault.
Cheers, Shaun
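The argument above rests on two program-header facts: data that must be initialized (such as .dtors) has to lie below p_filesz of its PT_LOAD segment, and a zero-filled tail exists wherever p_memsz exceeds p_filesz. The C program below is an added illustration, not code from the list post or from any loader; it builds a constructed ELF64 header plus program headers in memory (headers only, nothing is loaded or executed), counts the loadable segments that carry a bss tail, flags the "loadable segment after a bss" layout the post says the Linux loader cannot handle, and answers whether a given virtual range is file-backed. The struct mirrors, the function names (elf64_bss_layout, elf64_vaddr_file_backed, build_sample) and the sample addresses are my own assumptions; a little-endian host and file are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal mirrors of the ELF64 header and program-header layouts (same field
 * order and sizes as Elf64_Ehdr / Elf64_Phdr in <elf.h>), defined here so the
 * example builds without system headers. Little-endian host and file assumed. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr64;
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr64;
#define PT_LOAD_ 1u

/* Validate the ELF64 header and program-header table bounds.
 * Returns the number of program headers, or -1 if the image is unusable. */
static int elf64_phnum(const unsigned char *buf, size_t len)
{
    Ehdr64 eh;
    if (len < sizeof eh || memcmp(buf, "\x7f" "ELF", 4) != 0 || buf[4] != 2 /* ELFCLASS64 */)
        return -1;
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_phentsize != sizeof(Phdr64) || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Phdr64) > len - eh.e_phoff)
        return -1;
    return eh.e_phnum;
}

/* Copy program header i out of an image already validated by elf64_phnum. */
static void elf64_phdr(const unsigned char *buf, int i, Phdr64 *ph)
{
    Ehdr64 eh;
    memcpy(&eh, buf, sizeof eh);
    memcpy(ph, buf + eh.e_phoff + (size_t)i * sizeof *ph, sizeof *ph);
}

/* Count PT_LOAD segments whose p_memsz exceeds p_filesz (a bss tail). Sets
 * *out_bss_followed to 1 when another PT_LOAD comes after such a segment,
 * i.e. the bss is not at the end of the mapped address space. Returns -1 on
 * a malformed image or a segment with p_memsz < p_filesz. */
int elf64_bss_layout(const unsigned char *buf, size_t len, int *out_bss_followed)
{
    int n = elf64_phnum(buf, len);
    if (n < 0) return -1;
    int bss_tails = 0, followed = 0, prev_had_bss = 0;
    for (int i = 0; i < n; i++) {
        Phdr64 ph; elf64_phdr(buf, i, &ph);
        if (ph.p_type != PT_LOAD_) continue;
        if (ph.p_memsz < ph.p_filesz) return -1;   /* the spec forbids this */
        if (prev_had_bss) followed = 1;            /* loadable segment after a bss */
        prev_had_bss = ph.p_memsz > ph.p_filesz;
        bss_tails += prev_had_bss;
    }
    if (out_bss_followed) *out_bss_followed = followed;
    return bss_tails;
}

/* 1 if [vaddr, vaddr+size) lies entirely in the file-backed part of a PT_LOAD
 * segment (so it can hold initialized data such as .dtors), 0 if it falls in a
 * bss tail or is unmapped, -1 on a malformed image. */
int elf64_vaddr_file_backed(const unsigned char *buf, size_t len, uint64_t vaddr, uint64_t size)
{
    int n = elf64_phnum(buf, len);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++) {
        Phdr64 ph; elf64_phdr(buf, i, &ph);
        if (ph.p_type != PT_LOAD_ || vaddr < ph.p_vaddr || vaddr - ph.p_vaddr >= ph.p_memsz)
            continue;
        return (vaddr - ph.p_vaddr) + size <= ph.p_filesz;
    }
    return 0;
}

static void put_load(Phdr64 *ph, uint64_t off, uint64_t vaddr, uint64_t filesz, uint64_t memsz)
{
    memset(ph, 0, sizeof *ph);
    ph->p_type = PT_LOAD_; ph->p_flags = 6; ph->p_offset = off;
    ph->p_vaddr = ph->p_paddr = vaddr; ph->p_filesz = filesz; ph->p_memsz = memsz;
    ph->p_align = 0x1000;
}

/* Constructed sample image (headers only): a text segment, a data segment with
 * a 0xe00-byte bss tail and, when odd_layout is set, a third loadable segment
 * placed after the bss in memory, the legal-but-unloadable layout from the post. */
size_t build_sample(unsigned char *out, int odd_layout)
{
    Ehdr64 eh; Phdr64 ph[3];
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7);   /* ELF64, little-endian, version 1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;  /* ET_EXEC, x86-64 */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Phdr64); eh.e_phnum = odd_layout ? 3 : 2;
    put_load(&ph[0], 0,      0x400000, 0x1000, 0x1000);
    put_load(&ph[1], 0x1000, 0x601000, 0x200,  0x1000);
    put_load(&ph[2], 0x1200, 0x700000, 0x100,  0x100);
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, eh.e_phnum * sizeof(Phdr64));
    return sizeof eh + eh.e_phnum * sizeof(Phdr64);
}

int main(void)
{
    unsigned char img[256]; int followed; size_t n = 0;
    for (int odd = 0; odd < 2; odd++) {
        n = build_sample(img, odd);
        int tails = elf64_bss_layout(img, n, &followed);
        printf("%s layout: %d bss tail(s), loadable segment after bss: %s\n",
               odd ? "odd" : "normal", tails, followed ? "yes" : "no");
    }
    /* a hypothetical .dtors at 0x601100 is file-backed; one at 0x601800 would sit in the bss */
    printf("0x601100 file-backed: %d, 0x601800 file-backed: %d\n",
           elf64_vaddr_file_backed(img, n, 0x601100, 8),
           elf64_vaddr_file_backed(img, n, 0x601800, 8));
    return 0;
}
```

Because the program reads only e_phoff/e_phnum and the PT_LOAD entries, it can be pointed at any ELF64 file read into memory; the same p_vaddr/p_filesz arithmetic is what decides whether a section's bytes come from the file or from zero fill.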
Current thread:
- static char overflow melsa (May 01)
- Re: static char overflow SpaceWalker (May 02)
- <Possible follow-ups>
- Re: static char overflow - OUAH - (May 02)
- Re: static char overflow Sebastian (May 02)
- Re: static char overflow SpaceWalker (May 02)
- Re: static char overflow Sebastian (May 03)
- Re: static char overflow Sebastian (May 02)
- Re: static char overflow Shaun Clowes (May 04)