I wonder why such attacks are still relevant - just about every modern processor now allows you to mark only code pages as executable and read-only (NX bit and the like).
Security in the 20-teens
Posted Feb 5, 2010 13:30 UTC (Fri) by tialaramex (subscriber, #21167)
Suppose the buffer that you overflow is next to a variable named 'fd'. You replace the file descriptor of a file being written with that of an open network connection, and suddenly data intended to stay local pours uncontrollably out onto the Internet...
The moment program behaviour deviates from what was intended by the programmer / user you have a potential security hole. If you're lucky it amounts to nothing, and you can invent countermeasures to make that more likely, but it's not safe to bet on it, and the more resourceful and determined the attacker, the more certain they'll find a way to make it work.
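The scenario in the comment above, as an added example that is not part of the thread: an unchecked copy into a buffer that sits next to a descriptor changes where data goes without executing any injected code, so NX never comes into play, while a length check stops it. The `struct session` layout, the function names and the descriptor numbers 3 and 7 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: a fixed buffer laid out directly before a descriptor. */
struct session {
    char name[16];
    int  fd;                 /* descriptor the program intends to write to */
};

/* The bug: len is never compared with sizeof name. The copy goes through the
 * struct's bytes (name is at offset 0) and is capped at the struct size, so
 * the overrun stays inside the object and the demo is well defined. */
static void set_name_unchecked(struct session *s, const void *src, size_t len)
{
    if (len > sizeof *s) len = sizeof *s;
    memcpy((unsigned char *)s, src, len);
}

/* The fix: refuse input that does not fit. Returns 0 on success, -1 if not. */
static int set_name_checked(struct session *s, const void *src, size_t len)
{
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Constructed input: filler up to the fd field, then the bytes of another
 * descriptor number standing in for an open network connection. */
static size_t build_input(unsigned char *out, int other_fd)
{
    memset(out, 'A', offsetof(struct session, fd));
    memcpy(out + offsetof(struct session, fd), &other_fd, sizeof other_fd);
    return offsetof(struct session, fd) + sizeof other_fd;
}

/* Returns the descriptor the program would write to after handling the input. */
static int fd_after(int use_checked)
{
    struct session s = { "log", 3 };          /* 3: the intended local file */
    unsigned char in[sizeof s];
    size_t n = build_input(in, 7);            /* 7: the other descriptor */
    if (use_checked) (void)set_name_checked(&s, in, n);
    else set_name_unchecked(&s, in, n);
    return s.fd;
}

int main(void)
{
    printf("unchecked: fd=%d  checked: fd=%d\n", fd_after(0), fd_after(1));
    return 0;
}
```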
Posted Feb 8, 2010 22:55 UTC (Mon) by mrdoghead (guest, #61360)
Posted Feb 11, 2010 9:36 UTC (Thu) by renox (subscriber, #23785)
For a security perspective, the PNG decoder shouldn't have access to network sockets..
>And inside a web browser (the most obvious thing to attack) the idea of "non-executable" is laughable.
Agreed, that's why Chrome's design is really a nice change here, even if it doesn't go far enough: AFAIK Flash isn't properly 'shielded' from the rest of the system..
Posted Feb 11, 2010 14:32 UTC (Thu) by anselm (subscriber, #2796)
>For a security perspective, the PNG decoder shouldn't have access to network sockets..
The PNG decoder shouldn't be allowed to open new network sockets. However, a file descriptor open for reading is a file descriptor open for reading. It doesn't matter much whether there is a disk or a web server at the other end.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds