This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: malloc: Security implications of tcache
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 8 Feb 2018 23:00:40 +0100
- Subject: Re: malloc: Security implications of tcache
- Authentication-results: sourceware.org; auth=none
- References: <1c1360fb-0755-f201-9daf-b64c31c62970@cs.ucsb.edu>
On Thu, Feb 08, 2018 at 01:31:45PM -0800, Moritz Eckert wrote:
> Hey,
>
> I was wondering if people are aware of the security implications of
> the tcache structure?
Thats pointless, as checks are there just to help developers fix their
errors, nothing more.
It couldn't prevent anything, attacker could just overwrite pointers of
user applications for same effect instead relying on this.