Bugtraq: Re: modifing libc to discover gets()/sprintf() calls

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: modifing libc to discover gets()/sprintf() calls

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 30 Jan 1997 21:28:55 +0000

The only big problem I is that any difference between the libc.a and
the running libc.so shared library would become painfully obvious
after creating and installing the new shared library with the
printf modifications.


Well one other approach would be to use some kind of ELF extension to
mark a symbol of type 'text, insecure'. Then the linker would link the binary
and report

fooprog: symbol _gets is insecure
fooprog: symbol _sprintf is insecure

Alan

By Date By Thread

Current thread:

modifing libc to discover gets()/sprintf() calls Chris Sheldon (Jan 29)
- Re: modifing libc to discover gets()/sprintf() calls Julian Assange (Jan 30)
- Re: modifing libc to discover gets()/sprintf() calls Alan Cox (Jan 30)