RFC: Longjmp vs LD_POINTER_GUARD revisited

Paul Pluzhnikov ppluzhnikov@google.com
Mon Nov 16 15:40:00 GMT 2009


On Mon, Nov 16, 2009 at 7:13 AM, Frank Ch. Eigler <fche@redhat.com> wrote:

> Well, it's nothing personal.  If glibc made it trivial to decrypt this
> stuff on demand, it'd be just as easy for an attacker.

That's exactly my point: the process itself can trivially discover the
problem by executing two setjmps with known resume addresses (an
implementation I did in my previous job (for a Valgrind-like checker)
took less than 20 lines of assembly), so I wonder how much of a
deterrent this really is.

> Maybe this is a case for something akin to libthread_db.

Hmm, libc_db to subsume libthread_db, and answer all kinds of
questions about glibc internals; wouldn't GDB's life be easier! OTOH,
if the sysadmin is not careful to remove libc_db from a production
system, then the attacker could just dlopen libc_db and hack away.


-- 
Paul Pluzhnikov
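The property Paul is pointing at, modelled in added C that is not from this thread or from glibc: the x86-64 PTR_MANGLE scheme XORs a saved pointer with the per-process guard and rotates it left by 17, so one saved value whose plaintext is known yields the guard, and a second known value only serves as a cross-check. The guard and the resume addresses below are constructed constants, not read from a real thread control block.

```c
#include <stdint.h>

/* Model of glibc's x86-64 PTR_MANGLE / PTR_DEMANGLE on a saved pointer:
 * mangle   = rol(ptr ^ guard, 17)
 * demangle = ror(mangled, 17) ^ guard
 * The guard lives in the TCB (%fs:POINTER_GUARD); here it is a constructed value. */
#define PTR_ROT 17

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    return rol64(ptr ^ guard, PTR_ROT);
}

uint64_t ptr_demangle(uint64_t mangled, uint64_t guard)
{
    return ror64(mangled, PTR_ROT) ^ guard;
}

/* Known-plaintext recovery: undo the rotation, XOR out the known pointer,
 * and what remains is the guard. This is why the mangling is an
 * obfuscation step rather than a secret that survives in-process inspection. */
uint64_t recover_guard(uint64_t mangled, uint64_t known_ptr)
{
    return ror64(mangled, PTR_ROT) ^ known_ptr;
}

/* Paul's two-setjmp experiment in miniature: two saved values with known
 * plaintexts must agree on the guard, and the recovered guard must then
 * demangle a third, unrelated saved pointer. Returns 1 if every check holds. */
int guard_is_recoverable(void)
{
    const uint64_t guard   = 0x9e3779b97f4a7c15ULL;  /* constructed guard */
    const uint64_t resume1 = 0x0000000000401136ULL;  /* constructed resume address 1 */
    const uint64_t resume2 = 0x00000000004011a0ULL;  /* constructed resume address 2 */
    const uint64_t other   = 0x00007f3a1c0d2e40ULL;  /* some other saved pointer */

    uint64_t m1 = ptr_mangle(resume1, guard);
    uint64_t m2 = ptr_mangle(resume2, guard);
    uint64_t g1 = recover_guard(m1, resume1);
    uint64_t g2 = recover_guard(m2, resume2);

    if (g1 != g2 || g1 != guard)
        return 0;
    return ptr_demangle(ptr_mangle(other, guard), g1) == other;
}
```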


