Re: Writing Secure code

From: Valdis.Kletnieksat_private
Date: Fri Dec 27 2002 - 12:50:43 PST

Next message: Roger Alexander: "RE: Writing Secure code"

Previous message: Dana Epp: "Re: Writing Secure code"
In reply to: Jeremy Epstein: "RE: Writing Secure code"
Next in thread: John Viega: "Re: Writing Secure code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 27 Dec 2002 12:46:05 EST, Jeremy Epstein <jepsteinat_private>  said:

> main() { exit(0); }
> 
> is completely secure and not exploitable.  Beyond that, you're on your own

Wrong.

If you don't link it statically, it's vulnerable to a shared library replacement
of the exit() function in libc.  This type of error is the basis of all
the LD_* exploits.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

application/pgp-signature attachment: stored

Next message: Roger Alexander: "RE: Writing Secure code"
Previous message: Dana Epp: "Re: Writing Secure code"
In reply to: Jeremy Epstein: "RE: Writing Secure code"
Next in thread: John Viega: "Re: Writing Secure code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 22:05:05 PST