[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Executable memory: further programs that fail

From: Gordon Messmer <yinyang eburg com>
To: fedora-devel-list redhat com
Subject: Re: Executable memory: further programs that fail
Date: Mon, 24 Nov 2003 18:30:43 -0800

Tim Daly wrote:

I react to the notion that shared libraries can be placed "at random" in free space. Lisp systems, database systems, numeric systems (e.g. large matrix computations), all rely on large, contiguous blocks of storage. In fact the size of the problem they can handle depends on the size of contiguous storage. I don't understand why fragmenting free storage helps security.

I'm not an assembly programmer, so someone may correct me:

buffer overflow exploits rely on the ability to call a library function at a predictable address. If the libraries are loaded at random addresses, then buffer overflow attacks have a much more difficult time predicting the address of a block of code to jump to.

Follow-Ups:
- Re: Executable memory: further programs that fail
  - From: Tim Daly

References:
- Executable memory: some apps that work on RH9 don't on FC1
  - From: Gerard Milmeister
- Re: Executable memory: some apps that work on RH9 don't on FC1
  - From: Jakub Jelinek
- Re: Executable memory: some apps that work on RH9 don't on FC1
  - From: Michael Schwendt
- Re: Executable memory: some apps that work on RH9 don't on FC1
  - From: Jack Aboutboul
- Re: Executable memory: further programs that fail
  - From: Gerard Milmeister
- Re: Executable memory: further programs that fail
  - From: Karl DeBisschop
- Re: Executable memory: further programs that fail
  - From: Tim Daly
- Re: Executable memory: further programs that fail
  - From: Ingo Molnar
- Re: Executable memory: further programs that fail
  - From: Tim Daly

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]