This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH v4] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- From: Florian Weimer <fweimer at redhat dot com>
- To: Alex Dowad <alexinbeijing at gmail dot com>, libc-alpha at sourceware dot org
- Date: Thu, 13 Aug 2015 19:53:56 +0200
- Subject: Re: [PATCH v4] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- Authentication-results: sourceware.org; auth=none
- References: <1439229868-20746-1-git-send-email-alexinbeijing at gmail dot com>
On 08/10/2015 08:04 PM, Alex Dowad wrote:
> C programs which use uninitialized stack variables can be exploited if an attacker
> can control the contents of memory where the buggy function's stack frame lands.
> If the buggy function is called very early in the program's execution, that memory
> might still hold values written by ld.so, so manipulation of ld.so is one way to
> carry out such an exploit.
Could you write a test case for this in some way? I wonder what else
ends up on the stack.
Florian Weimer / Red Hat Product Security