C considered harmful: was Debian attacker may have used new exploit
Peter Hiscocks
phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
Thu Dec 4 23:54:54 UTC 2003

Dynamic code generation (program writes code then jumps to it) sounds like a
really useful facility for virus writers, trojan horses and worms. In what
circumstance is it necessary to have that capability?

Isn't it much safer to have a rigid demarcation between code generation and
code execution? Then the operating system can do run-time checks on the
thing it's about to execute.

Peter

On Thu, Dec 04, 2003 at 06:46:40PM -0500, Henry Spencer wrote:
> But it's not clear to me that this really improves things much. If you
> can overwrite control information, e.g. a function return address -- which
> is generally needed to *exploit* an executable stack or heap -- then you
> can always look around for places where you could branch to existing code
> that happens to do what you want. (For example, functions which do
> dynamic code generation will have a strong tendency to end with the
> sequence "tell the system to make the heap region pointed to by register X
> executable; return".)
>
> Henry Spencer
> henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
>
>
> --
> The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
--
Peter D. Hiscocks
Department of Electrical and Computer Engineering
Ryerson University,
350 Victoria Street,
Toronto, Ontario, M5B 2K3, Canada
Phone: (416) 979-5000 Ext 6109
Fax: (416) 979-5280
Email: phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
URL: http://www.ee.ryerson.ca/~phiscock
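
Added example, not part of the original post: one way a program that generates code can keep generation and execution separate, by never holding a memory region writable and executable at the same time. It assumes Linux on x86-64 or AArch64; the names gen_alloc, gen_seal, write_is_blocked and run_generated are hypothetical, and the code bytes are a constructed sample that just returns 42.

```c
#define _GNU_SOURCE /* expose MAP_ANONYMOUS and sigaction under strict -std modes */
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#if defined(__x86_64__) /* constructed sample bytes; other targets will not compile */
static const unsigned char CODE[] = {0xb8, 0x2a, 0, 0, 0, 0xc3}; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char CODE[] = {0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6}; /* mov w0,#42; ret */
#endif
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Generation phase: the buffer is writable but NOT executable. */
static unsigned char *gen_alloc(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Demarcation point: the call that adds execute permission also drops write. */
static int gen_seal(unsigned char *p, size_t len) {
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) return -1;
    __builtin___clear_cache((char *)p, (char *)p + len); /* required on AArch64 */
    return 0;
}

/* Returns 1 if a store to *p faults (page not writable), 0 if the store succeeds. */
static int write_is_blocked(volatile unsigned char *p) {
    struct sigaction sa = {0}, old;
    volatile int blocked = 0;
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jmp, 1) == 0) *p = *p; /* rewrite the same byte in place */
    else blocked = 1;
    sigaction(SIGSEGV, &old, NULL);
    return blocked;
}

/* Generate, seal, confirm the region can no longer be rewritten, then run it. */
static int run_generated(void) {
    unsigned char *buf = gen_alloc(4096);
    if (!buf) return -1;
    int r = -1;
    memcpy(buf, CODE, sizeof CODE);
    if (!write_is_blocked(buf) && gen_seal(buf, 4096) == 0 && write_is_blocked(buf))
        r = ((int (*)(void))buf)();
    munmap(buf, 4096);
    return r;
}
int main(void) { return run_generated() == 42 ? 0 : 1; }
```

The mprotect() call is the single point at which the operating system sees a region change from data to code, which is where a policy check on generated code can be enforced.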