Bugtraq: Re: [ANNOUNCE] glibc heap protection patch

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [ANNOUNCE] glibc heap protection patch

From: William Robertson <wkr () cs ucsb edu>
Date: Wed, 3 Dec 2003 14:25:09 -0800

On Dec 03, 2003, at 05:01, Stefan Esser wrote:

The last time I checked there was no such check in the unlink macro(no matter if debug mode or not).

Ah, ok, I see what you meant. The check I was referring to wasn't inthe unlink macro, but in one of dlmalloc's debugging routines. If youmove it into unlink itself, then it does indeed prevent all unlinkexploits, as you say. I agree that a combination of the two techniqueswould theoretically be stronger than each on its own, but I alsobelieve that using properly randomized magic numbers in practiceguarantees that chunk headers cannot be tampered with. However, you doget a lot for this simple check, so it makes sense to include it.


Thanks for pointing that out.

Stefan Esser


--
William Robertson
Reliable Software Group, UC Santa Barbara
http://www.cs.ucsb.edu/~wkr/

By Date By Thread

Current thread:

[ANNOUNCE] glibc heap protection patch William Robertson (Dec 01)
- Re: [ANNOUNCE] glibc heap protection patch Stefan Esser (Dec 02)
  - Re: [ANNOUNCE] glibc heap protection patch William Robertson (Dec 02)
    - Re: [ANNOUNCE] glibc heap protection patch Stefan Esser (Dec 03)
    - Re: [ANNOUNCE] glibc heap protection patch William Robertson (Dec 03)
- Re: [ANNOUNCE] glibc heap protection patch Eugene Tsyrklevich (Dec 02)
  - Re: [ANNOUNCE] glibc heap protection patch William Robertson (Dec 02)
    - Re: [ANNOUNCE] glibc heap protection patch Han Boetes (Dec 03)
    - Re: [ANNOUNCE] glibc heap protection patch Adam Shostack (Dec 04)
    - Re: [ANNOUNCE] glibc heap protection patch Jim Knoble (Dec 04)