This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug nptl/22850] Stack protector easy to bypass


https://sourceware.org/bugzilla/show_bug.cgi?id=22850

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P2                          |P3
                 CC|                            |carlos at redhat dot com
           Severity|normal                      |enhancement

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
This is a "known issue" and has been reported several times in the past,
including this 2013 public post on exactly this issue of TCB overwrite and
stack canary changing:

"TCB overwrite" 
http://bases-hacking.org/tcb-overwrite.html

I agree with both of your comments, that moving the TCB away from the stack
would help, and so would changing the canary value more often. Though these
would require more consideration since they have an impact on core structures
and algorithms.

I'm marking this as an 'enhancement' bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
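
The placement this comment refers to can be measured directly. The following is an added example, not code from the bug report or from glibc. It assumes glibc on Linux, where pthread_t holds the address of the thread descriptor (the TCB that stores the canary); the function names and the 1 MiB stack size are chosen for illustration.

```c
/* Added illustration; assumes glibc on Linux, where pthread_t holds the
 * address of the thread descriptor (the TCB that stores the canary). */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_SIZE (1UL << 20)   /* constructed value: 1 MiB thread stack */

struct layout { uintptr_t local, tcb; };

/* Record where a stack local and the calling thread's TCB live. */
static void *probe(void *arg)
{
    struct layout *out = arg;
    volatile char local = 0;
    out->local = (uintptr_t)&local;
    out->tcb = (uintptr_t)pthread_self();
    return NULL;
}

/* Bytes from a stack local up to the TCB in a pthread_create() thread;
 * returns -1 if the thread cannot be started. */
long thread_tcb_gap(void)
{
    pthread_attr_t attr;
    pthread_t t;
    struct layout l = {0, 0};
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, STACK_SIZE);
    int rc = pthread_create(&t, &attr, probe, &l);
    pthread_attr_destroy(&attr);
    if (rc != 0) return -1;
    pthread_join(t, NULL);
    return (long)(l.tcb - l.local);
}

/* 1 if the TCB lies above the local and inside the thread's own stack
 * allocation, which is the adjacency this bug report is about. */
int tcb_shares_thread_stack(void)
{
    long gap = thread_tcb_gap();
    return gap > 0 && (unsigned long)gap < STACK_SIZE;
}

int main(void)
{
    struct layout m;
    probe(&m);   /* main thread, for comparison with the created thread */
    printf("main thread: local=%#lx tcb=%#lx\n", (unsigned long)m.local, (unsigned long)m.tcb);
    printf("new thread: TCB is %ld bytes above a stack local\n", thread_tcb_gap());
    return 0;
}
```

On toolchains older than glibc 2.34, build with `-pthread`.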
