On Thu, 2016-11-24 at 14:59 +0100, Raphael Hertzog wrote: > Hi, > > On Tue, 22 Nov 2016, Ola Lundqvist wrote: [...] > > Also I have in other discussions got the impression that gcc nowadays have > > some kind of heap protection that prevent overwrite of data causing > > arbitrary code execution. I may be wrong however. > > Looking at hdf5 in wheezy, I don't see any hardening feature enabled. I > wonder where you saw that gcc has such protections by default in Debian. [...] glibc (not gcc) has heap hardening. (Of course, this doesn't help libraries that use their own heap.) I've previously been told that this makes it impractical to achieve code execution through a heap overflow. Ben. -- Ben Hutchings [W]e found...that it wasn't as easy to get programs right as we had thought. ... I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949
Attachment:
signature.asc
Description: This is a digitally signed message part