Subject: Re: ssp and gcc-4.1
To: None <tech-userlevel@netbsd.org, tech-kern@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-userlevel
Date: 11/08/2006 21:52:15

On Tue, Nov 07, 2006 at 10:19:14AM -0800, Jason Thorpe wrote:
> On Nov 7, 2006, at 10:16 AM, Thor Lancelot Simon wrote:
> >As Christos pointed out to me elsewhere, we can't really provide an
> >interface by which alloca() can move the canary and inform the parent,
> >because exploit code could use that interface, too.  :-/
> Uh, even without an interface to do it, exploit code could certainly
> move the canary anyway, right?

I think the height of the bar over which the exploit Thor describes
must jump is uniformly lower than the height of the bar over which
the exploit you describe must jump, Jason.

Am I missing something?

(Yes, "height of the bar" is reducible to "degree of obscurity of the
security hole", but still...)

--
gabriel rosenkoetter
gr@eclipsed.net
