Thanks to visit codestin.com
Credit goes to lwn.net

|
|
Log in / Subscribe / Register

Prelink and address space randomization

Prelink and address space randomization

Posted Aug 20, 2006 7:58 UTC (Sun) by bluefoxicy (guest, #25366)
In reply to: Prelink and address space randomization by roelofs
Parent article: Prelink and address space randomization

Apache did this recently, didn't it? "We have an overflow, but you always overflow by like 3 bytes and they're always these bytes, and so it's not exploitable" then like 4 days later "OK somebody owned one of the devs' personal boxes we were wrong there was a really cool trick we missed."

Point is, we shouldn't say "We found an RCE here" if we don't see a way; but we should still say "there may be implications we have not discovered with this." It may be overflow by "k\0" today but tomorrow someone might make it overflow something else in there. We should neither assert that we know this will happen, nor that we know this will not happen.

to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds