Re: Security in general (was Re: Proposal "LUID")

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Fri Apr 21 2000 - 07:23:46 EST


> reliably. But it relies upon being able to determine the frame limits
> of strcpy()'s caller. So -fomit-frame-pointer will, it appears, stop it
> working. Vendors (Mandrake at least) are currently shipping
> frame-pointerless shared libs.

The frame pointer is not a safe way to find the end of a buffer. You can
easily have

        char buf[256];
        void *ptr;

in the stack frame and indirectly overwrite ptr without going out of the
frame. Since the code then writes to ptr you can do a two step buffer
overrun.
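The layout Alan describes, worked through as an added example that is not part of the message. The stack frame is modelled as a struct (real slot order is compiler dependent, but the argument is identical), and two bounds are compared: the one a frame-pointer based check would derive (end of the frame) and the one an object-size check derives (the destination array only). The names `frame_limit_allows`, `object_size_allows`, `guarded_copy` and `ptr_survives` are hypothetical, and the 'A'-filled input is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not from the message). The frame from the message is
 * modelled as a struct so the layout is fixed and portable; real stack slot
 * order is compiler dependent, but the point is the same: ptr sits inside
 * the frame, so a bound derived from the frame end never protects it.
 */
struct frame {
    char  buf[256];   /* copy destination, as in the message */
    void *ptr;        /* pointer the function later writes through */
    long  scratch;    /* one more slot so the frame extends past ptr */
};

/* Bound a frame-pointer based check would use: the copy may run up to the
 * end of the frame. */
static int frame_limit_allows(size_t n)
{
    return offsetof(struct frame, buf) + n <= sizeof(struct frame);
}

/* Bound an object-size check (FORTIFY_SOURCE / __builtin_object_size style)
 * would use: the copy may not exceed the destination object itself. */
static int object_size_allows(size_t n)
{
    return n <= sizeof(((struct frame *)0)->buf);
}

/* Copy n bytes into f->buf if the supplied check allows it. The write goes
 * through a char pointer to the whole struct so an over-long copy lands on
 * the neighbouring slot exactly as it would on a real stack. Returns 1 if
 * the copy was performed, 0 if the check rejected it. */
static int guarded_copy(struct frame *f, const char *src, size_t n,
                        int (*allows)(size_t))
{
    if (!allows(n))
        return 0;
    memcpy((char *)f + offsetof(struct frame, buf), src, n);
    return 1;
}

/* Scenario: point ptr at a known target, attempt an n-byte copy under the
 * given check, and report whether ptr still holds its original value. */
static int ptr_survives(size_t n, int (*allows)(size_t))
{
    char src[512];          /* constructed input: 512 bytes of 'A' */
    struct frame f;
    int target = 0;
    void *expected = &target;

    memset(src, 'A', sizeof src);
    memset(&f, 0, sizeof f);
    f.ptr = expected;
    guarded_copy(&f, src, n, allows);
    return memcmp(&f.ptr, &expected, sizeof expected) == 0;
}

int main(void)
{
    size_t n = 260;  /* four bytes past the end of buf, still inside the frame */

    printf("copy of %zu bytes: frame-limit check %s, object-size check %s\n",
           n, frame_limit_allows(n) ? "allows" : "rejects",
           object_size_allows(n) ? "allows" : "rejects");
    printf("ptr intact under frame-limit check: %s\n",
           ptr_survives(n, frame_limit_allows) ? "yes" : "no");
    printf("ptr intact under object-size check: %s\n",
           ptr_survives(n, object_size_allows) ? "yes" : "no");
    return 0;
}
```

A 260-byte copy is "inside the frame" by the frame-limit measure, so that check lets it through and the first bytes of `ptr` are replaced; the object-size bound rejects the same copy because it measures `buf` alone. This is why compiler-visible object sizes (as used by FORTIFY_SOURCE) are the bound worth checking against, and why `-fomit-frame-pointer` is beside the point for the pointer-in-frame case.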

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:18 EST