Hi Ben Thank you for the information that it is glibc that "protect". Do we know that glibc in wheezy do this or is this a more recent thing?
// Ola On 25 November 2016 at 00:58, Ben Hutchings <[email protected]> wrote: > On Thu, 2016-11-24 at 14:59 +0100, Raphael Hertzog wrote: > > Hi, > > > > On Tue, 22 Nov 2016, Ola Lundqvist wrote: > [...] > > > Also I have in other discussions got the impression that gcc nowadays > have > > > some kind of heap protection that prevent overwrite of data causing > > > arbitrary code execution. I may be wrong however. > > > > Looking at hdf5 in wheezy, I don't see any hardening feature enabled. I > > wonder where you saw that gcc has such protections by default in Debian. > [...] > > glibc (not gcc) has heap hardening. (Of course, this doesn't help > libraries that use their own heap.) I've previously been told that > this makes it impractical to achieve code execution through a heap > overflow. > > Ben. > > -- > Ben Hutchings > [W]e found...that it wasn't as easy to get programs right as we had > thought. > ... I realized that a large part of my life from then on was going to > be spent > in finding mistakes in my own programs. - Maurice Wilkes, 1949 > > -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
