[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Avice about the importance of heap overflow in hdf5

On Thu, 2016-11-24 at 14:59 +0100, Raphael Hertzog wrote:
> Hi,
> On Tue, 22 Nov 2016, Ola Lundqvist wrote:
> > Also I have in other discussions got the impression that gcc nowadays have
> > some kind of heap protection that prevent overwrite of data causing
> > arbitrary code execution. I may be wrong however.
> Looking at hdf5 in wheezy, I don't see any hardening feature enabled. I
> wonder where you saw that gcc has such protections by default in Debian.

glibc (not gcc) has heap hardening.  (Of course, this doesn't help
libraries that use their own heap.)  I've previously been told that
this makes it impractical to achieve code execution through a heap


Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had
... I realized that a large part of my life from then on was going to
be spent
in finding mistakes in my own programs. - Maurice Wilkes, 1949

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: