This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Pointer guard for static binaries?


> Roland McGrath wrote:
> > It's not clear to me why x86-64 should put the global
> > pointer-guard value in tcbhead_t, given that it's only used in libc.so
> > and so a local symbol there could be used.
> 
> Because it is so easy to access the value it is a weakness.  The TCB
> address is not at a constant relative address to the libc code and
> therefore accessing the value is much harder.

Really?  If you have exploit code running, can't it use %fs:N easily enough?
That N is even constant across many libc builds that may well place the
local data slot at different offsets from some other bit of code.


Thanks,
Roland

