Subject: Re: ssp and gcc-4.1
To: None <firstname.lastname@example.org, email@example.com>
From: gabriel rosenkoetter <firstname.lastname@example.org>
Date: 11/08/2006 21:52:15
Content-Type: text/plain; charset=us-ascii
On Tue, Nov 07, 2006 at 10:19:14AM -0800, Jason Thorpe wrote:
> On Nov 7, 2006, at 10:16 AM, Thor Lancelot Simon wrote:
> >As Christos pointed out to me elsewhere, we can't really provide an
> >interface by which alloca() can move the canary and inform the parent,
> >because exploit code could use that interface, too. :-/
> Uh, even without an interface to do it, exploit code could certainly =20
> move the canary anyway, right?
I think the height of the bar over which the exploit Thor describes
must jump is uniformly lower than the height of the bar over which
the exploit you describe must jump, Jason.
Am I missing something?
(Yes, "height of the bar" is reducible to "degree of obscurity of the
security hole", but still...)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (FreeBSD)
-----END PGP SIGNATURE-----