This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: malloc: Security implications of tcache

From: Ondřej Bílka <neleai at seznam dot cz>
To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
Cc: libc-alpha at sourceware dot org
Date: Thu, 8 Feb 2018 23:00:40 +0100
Subject: Re: malloc: Security implications of tcache
Authentication-results: sourceware.org; auth=none
References: <1c1360fb-0755-f201-9daf-b64c31c62970@cs.ucsb.edu>

On Thu, Feb 08, 2018 at 01:31:45PM -0800, Moritz Eckert wrote:
> Hey,
> 
> I was wondering if people are aware of the security implications of
> the tcache structure?

Thats pointless, as checks are there just to help developers fix their
errors, nothing more. 

It couldn't prevent anything, attacker could just overwrite pointers of
  user applications for same effect instead relying on this.

References:
- malloc: Security implications of tcache
  - From: Moritz Eckert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]