|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Future of buffer overflows ?
From: David Wagner (daw
MOZART.CS.BERKELEY.EDU)Date: Wed Nov 08 2000 - 15:30:42 CST
- Next message: Olle Segerdahl: "Oracle USER$ password hashes"
- Previous message: Daniel Roesen: "Re: Possible DOS in Bind 8.2.2-P5"
- In reply to: Bluefish (P.Magnusson): "Re: Future of buffer overflows ?"
- Reply: David Wagner: "Re: Future of buffer overflows ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bluefish (P.Magnusson) wrote:
>> You might want to think about how dynamic linking fits into this world.
>> (Hint: I think anytime you have dynamic linking, non-exec permissions
>> can be bypassed.)
>
>No, you're wrong. Perhaps todays implementations require it, but it is
>*not* a fundamental requirement for dynamic linking. Basicly you'd write
>the page/segment and then set it none-writeable.
Of course, you can't set it non-writeable until after you've linked in
the dynamic library, so you're assuming that the app is not compromised
until all dynamic libraries have been linked in.
But I take your point. In practice, this seems like the common case.
- Next message: Olle Segerdahl: "Oracle USER$ password hashes"
- Previous message: Daniel Roesen: "Re: Possible DOS in Bind 8.2.2-P5"
- In reply to: Bluefish (P.Magnusson): "Re: Future of buffer overflows ?"
- Reply: David Wagner: "Re: Future of buffer overflows ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]