[PATCH][WIP] Make exploiting talloc harder by using a random talloc_magic

Stefan (metze) Metzmacher metze at samba.org
Wed Oct 16 21:58:10 MDT 2013


Am 17.10.2013 03:34, schrieb Andrew Bartlett:
> This patch is inspired by the exploit in
> http://blog.csnc.ch/wp-content/uploads/2012/07/sambaexploit_v1.0.pdf
> and is an idea to see if we can make it harder to exploit talloc.
> 
> The re-order is designed to put the flags earlier into the talloc_chunk,
> where they would have to be overwritten.
> 
> The only downsides I see so far are:
>  - startup needs to select a better random number
>  - we lose the magic 'different talloc version' detection, it will just
> abort with wrong magic.  However library .so names and symbol versions
> will probably avoid this, now we always build with waf.

Can't we just add the random one to the fixed one and remove it again if we
want to check the fixed one?

metze
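To make the two ideas in this thread concrete (flags word first in the chunk header, a per-process random component, and metze's point that the fixed magic stays checkable if the random part is added at init and subtracted again at check time), here is a small self-contained C illustration. It is an added example written for this page, not talloc's code and not Andrew's patch; all names (`demo_chunk`, `demo_magic_init`, `DEMO_MAGIC_FIXED`, ...) and constant values are constructed for the demo, and the seed is passed in as a parameter so the behaviour is deterministic rather than read from the OS random source as a real library would.

```c
/* Added illustration, not talloc's implementation. Names and constants are
 * constructed for this example; DEMO_MAGIC_FIXED stands in for the
 * build-time TALLOC_MAGIC, with the low 4 bits reserved for flag bits. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DEMO_FLAG_FREE   0x01u
#define DEMO_FLAG_LOOP   0x02u
#define DEMO_FLAG_MASK   0x0fu
#define DEMO_MAGIC_FIXED 0xe8140000u   /* constructed; low 4 bits clear */

/* Per-process random component, chosen once at startup. */
static uint32_t demo_random_magic;

/* Flags/magic sit first, so a linear overwrite of the header has to replace
 * them with a value it cannot know in advance. */
struct demo_chunk {
    uint32_t flags;
    struct demo_chunk *next;
    size_t size;
};

/* Startup step: pick the random part. `seed` is a parameter only so the
 * example is deterministic; a real library reads it from the OS CSPRNG and
 * should retry if the masked value comes out as zero (zero would reproduce
 * the public constant). */
void demo_magic_init(uint32_t seed)
{
    demo_random_magic = seed & ~DEMO_FLAG_MASK;
}

/* metze's scheme: the stored magic is fixed + random. Both terms have the
 * flag bits clear, so the sum keeps them clear and the flags OR in later. */
static uint32_t demo_magic(void)
{
    return (DEMO_MAGIC_FIXED + demo_random_magic) & ~DEMO_FLAG_MASK;
}

void demo_chunk_init(struct demo_chunk *c, size_t size)
{
    c->flags = demo_magic();
    c->next = NULL;
    c->size = size;
}

/* The check a free/realloc path would run before trusting the header:
 * 1 if the magic matches this process and the chunk is not already free. */
int demo_chunk_valid(const struct demo_chunk *c)
{
    if ((c->flags & ~DEMO_FLAG_MASK) != demo_magic()) return 0;
    if (c->flags & DEMO_FLAG_FREE) return 0;
    return 1;
}

/* Subtract the random part again to recover the build-time magic, which is
 * what keeps a "different library version" diagnostic possible. */
uint32_t demo_chunk_fixed_magic(const struct demo_chunk *c)
{
    return ((c->flags & ~DEMO_FLAG_MASK) - demo_random_magic) & ~DEMO_FLAG_MASK;
}

/* Flags word a fresh chunk receives for a given seed (used by main and tests). */
uint32_t demo_flags_for_seed(uint32_t seed)
{
    struct demo_chunk c;
    demo_magic_init(seed);
    demo_chunk_init(&c, 64);
    return c.flags;
}

/* Self-check: a fresh chunk passes, its fixed magic is recoverable, and a
 * header stamped with only the public constant is rejected. Returns 1 on success. */
int demo_selfcheck(uint32_t seed)
{
    struct demo_chunk c;
    demo_magic_init(seed);
    demo_chunk_init(&c, 64);
    if (!demo_chunk_valid(&c)) return 0;
    if (demo_chunk_fixed_magic(&c) != DEMO_MAGIC_FIXED) return 0;
    c.flags |= DEMO_FLAG_FREE;               /* double-free style: must fail */
    if (demo_chunk_valid(&c)) return 0;
    c.flags = DEMO_MAGIC_FIXED;              /* public constant only: must fail */
    return demo_chunk_valid(&c) == 0;
}

int main(void)
{
    uint32_t seed = 0x1234567fu;             /* constructed seed for the demo */
    printf("flags for seed %08x: %08x\n", seed, demo_flags_for_seed(seed));
    printf("selfcheck: %s\n", demo_selfcheck(seed) ? "ok" : "FAILED");
    return demo_selfcheck(seed) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The interesting property is in `demo_chunk_fixed_magic`: because the random part is added rather than XORed in place of the constant, the library can still strip it off and compare against the magic values of other builds when it wants to report a version mismatch instead of a bare "wrong magic" abort.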
