Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
nasm: Buffer overflow vulnerability
Posted Jan 6, 2005 2:12 UTC (Thu) by akumria (subscriber, #7773)
Posted Apr 21, 2005 22:23 UTC (Thu) by jzbiciak (✭ supporter ✭, #5246)
If you're building someone else's source and you don't trust that person, it seems like having a buffer overflow in your assembler is the least of your worries.
Posted May 5, 2005 9:28 UTC (Thu) by nix (subscriber, #2304)
If you're in the habit of assembling code on one machine and running it on another, then this might expose the first machine to attack, I suppose. Nonetheless, this isn't a hole I'd be too terribly worried about. :)
Posted May 5, 2005 14:55 UTC (Thu) by proski (subscriber, #104)
Of course, if you _run_ a program, you're authorizing the programmer to
take control of your account; but the NASM documentation does not say
that merely _assembling_ a program can have this effect. It's easy to
imagine situations in which a program is run inside a jail but assembled
outside the jail; this NASM bug means that the jail is ineffective.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds