On Thu, 2016-11-24 at 14:59 +0100, Raphael Hertzog wrote:
> On Tue, 22 Nov 2016, Ola Lundqvist wrote:
> > Also I have in other discussions got the impression that gcc nowadays have
> > some kind of heap protection that prevent overwrite of data causing
> > arbitrary code execution. I may be wrong however.
> Looking at hdf5 in wheezy, I don't see any hardening feature enabled. I
> wonder where you saw that gcc has such protections by default in Debian.
glibc (not gcc) has heap hardening. (Of course, this doesn't help
libraries that use their own heap.) I've previously been told that
this makes it impractical to achieve code execution through a heap
[W]e found...that it wasn't as easy to get programs right as we had
... I realized that a large part of my life from then on was going to
in finding mistakes in my own programs. - Maurice Wilkes, 1949