This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v4] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG

From: Florian Weimer <fweimer at redhat dot com>
To: Alex Dowad <alexinbeijing at gmail dot com>, libc-alpha at sourceware dot org
Date: Thu, 13 Aug 2015 19:53:56 +0200
Subject: Re: [PATCH v4] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
Authentication-results: sourceware.org; auth=none
References: <1439229868-20746-1-git-send-email-alexinbeijing at gmail dot com>

On 08/10/2015 08:04 PM, Alex Dowad wrote:
> C programs which use uninitialized stack variables can be exploited if an attacker
> can control the contents of memory where the buggy function's stack frame lands.
> If the buggy function is called very early in the program's execution, that memory
> might still hold values written by ld.so, so manipulation of ld.so is one way to
> carry out such an exploit.

Could you write a test case for this in some way?  I wonder what else
ends up on the stack.

-- 
Florian Weimer / Red Hat Product Security

References:
- [PATCH v4] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
  - From: Alex Dowad

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]