Re: CVS commit: src/usr.sbin/rtsold

To: source-changes%netbsd.org@localhost
Subject: Re: CVS commit: src/usr.sbin/rtsold
From: Christoph Badura <bad%bsd.de@localhost>
Date: Sat, 3 Jan 2004 22:48:56 +0100

On Sat, Jan 03, 2004 at 12:39:17PM -0500, Nathan J. Williams wrote:
> I think that the judgement that atexit is "very dangerous" is
> overblown, having looked at the description of the problem. It's
> essentially complaining that there's a function pointer in libc that's
> used by all programs, so a vulnerability is introduced once an
> attacker has gained the ability to overwrite arbitrary locations in
> memory.

Especially when there are more function pointers used by libc.
E.g. the ones in struct FILE, easily locatable via std{in,out,err}.
Or the ones used by the DB library (used, e.g., by the getpw* family
of functions).  And that is only the tip of the iceberg, I'm sure.

This is worse then normal paranoia.  "Fixing" the atexit() machinery and
neglectig the other gazillion interfaces and then claiming to have removed
a class of vulnerabilities is a kind of spin that sets new standards.

--chris

Follow-Ups:
- Re: CVS commit: src/usr.sbin/rtsold
  - From: M. Warner Losh

References:
- re: CVS commit: src/usr.sbin/rtsold
  - From: matthew green
- Re: CVS commit: src/usr.sbin/rtsold
  - From: Perry E. Metzger
- Re: CVS commit: src/usr.sbin/rtsold
  - From: Nathan J. Williams

Prev by Date: CVS commit: src/usr.sbin/dumpfs
Next by Date: Re: CVS commit: src/usr.sbin/rtsold
Previous by Thread: Re: CVS commit: src/usr.sbin/rtsold
Next by Thread: Re: CVS commit: src/usr.sbin/rtsold
Indexes:

Home | Main Index | Thread Index | Old Index