From: Crispin Cowan (crispinwirex.com)
Date: Wed Nov 14 2001 - 12:59:51 CST
David Wagner wrote:
>If your network daemon has lots of reachable, live code, that tends to
>be bad for security, I suspect we can all agree. However, I find it
>hard to see why having lots of dead code should be bad for security.
>Maybe I'm missing something?
If your network code has overflowable buffers or format bugs, and you
are employing non-executable stack (OWL) and heap (PAX) protection, then
the pile of dead code makes nice targets for "return into libc" style
Another way of looking at it: in type-unsafe programming languages, no
code that is in your address space is dead code.
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
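
The point made in the message above, that any code mapped into the address space counts whether or not the program ever calls it, can be measured from the defender's side. This is an added example, not part of the original post: it totals how much of a Linux process is mapped executable from `/proc/<pid>/maps`-format text, and the sample mappings and the names `summarize_maps` and `exec_summary` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format, not captured from a real host. */
static const char SAMPLE_MAPS[] =
    "08048000-0804c000 r-xp 00000000 03:01 1001 /usr/sbin/exampled\n"
    "0804c000-0804d000 rw-p 00004000 03:01 1001 /usr/sbin/exampled\n"
    "40020000-40150000 r-xp 00000000 03:01 2002 /lib/libc.so\n"
    "bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

struct exec_summary {
    unsigned long exec_bytes;   /* total bytes mapped executable */
    unsigned long exec_regions; /* number of executable mappings */
    unsigned long wx_regions;   /* mappings both writable and executable */
};

/* Walk maps-format text line by line and total what is mapped executable. */
static struct exec_summary summarize_maps(const char *text)
{
    struct exec_summary s = {0, 0, 0};
    for (const char *line = text; line && *line; ) {
        unsigned long start, end;
        char perms[5] = "";
        /* Each line begins "start-end perms"; perms is four characters, e.g. r-xp. */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            strlen(perms) == 4 && end > start && perms[2] == 'x') {
            s.exec_bytes += end - start;
            s.exec_regions++;
            if (perms[1] == 'w') s.wx_regions++;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return s;
}

int main(void)
{
    static char buf[1 << 16];
    const char *text = SAMPLE_MAPS;
    FILE *f = fopen("/proc/self/maps", "r"); /* Linux only; otherwise use the sample */
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        if (n > 0) { buf[n] = '\0'; text = buf; }
    }
    struct exec_summary s = summarize_maps(text);
    printf("%lu executable mappings, %lu bytes, %lu W+X\n",
           s.exec_regions, s.exec_bytes, s.wx_regions);
    return 0;
}
```

In the constructed sample the stack is mapped `rw-p`, yet 1261568 bytes remain executable, nearly all of them in the shared library rather than in the daemon's own text.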