This is a regression from Intrepid, yes. Upstream glibc changed how
they constructed the random value, losing this protection from strcpy-
style overflows. While I do not have any active examples of exploits
that have read-access to stack memory and also a strcpy, I do feel the
regression potential is low given that this patch does not change the
locations of the stack protector, it just limits the first byte to 0.
** Changed in: glibc (Ubuntu Jaunty)
Status: Incomplete => New
--
stack protector guard value does not lead with a NULL byte
https://bugs.launchpad.net/bugs/413278
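The reasoning in the comment above, as an added example that is not part of the original bug report or of glibc: a constructed model frame shows why a guard whose first byte is 0 stops a strcpy-style copy even when the guard value is already known from a stack read. The frame layout, byte values and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16
#define GUARD_LEN 8
enum outcome { UNTOUCHED, DETECTED, UNDETECTED };

/* Constructed model of a frame: local buffer, guard, then saved data. */
struct frame {
    unsigned char buf[BUF_LEN];
    unsigned char guard[GUARD_LEN];
    unsigned char saved[GUARD_LEN];
};

/* strcpy semantics, bounded to the model: stop at the first NUL in src. */
static void model_strcpy(struct frame *f, const unsigned char *src)
{
    unsigned char *dst = (unsigned char *)f;
    size_t i;
    for (i = 0; i < sizeof *f - 1 && src[i] != 0; i++)
        dst[i] = src[i];
    dst[i] = 0;                          /* strcpy also writes the terminator */
}

/* lead_with_nul: the guard's first byte is forced to 0 (the patched behaviour).
 * patch_nul: the input swaps that 0 for a filler byte so the copy continues. */
enum outcome overflow_outcome(int lead_with_nul, int patch_nul)
{
    struct frame f, before;
    unsigned char src[sizeof f];
    size_t i;

    memset(&f, 0x11, sizeof f);
    for (i = 0; i < GUARD_LEN; i++)
        f.guard[i] = (unsigned char)(0x5a + i);  /* constructed "random" value */
    if (lead_with_nul) f.guard[0] = 0;
    before = f;

    /* The input assumes the guard value is already known via a stack read. */
    memset(src, 'A', sizeof src);
    memcpy(src + BUF_LEN, f.guard, GUARD_LEN);
    if (patch_nul && src[BUF_LEN] == 0) src[BUF_LEN] = 'A';
    src[sizeof src - 1] = 0;

    model_strcpy(&f, src);
    if (memcmp(f.saved, before.saved, GUARD_LEN) == 0) return UNTOUCHED;
    return memcmp(f.guard, before.guard, GUARD_LEN) ? DETECTED : UNDETECTED;
}

int main(void) { printf("%d %d %d\n", overflow_outcome(0, 0), overflow_outcome(1, 0), overflow_outcome(1, 1)); return 0; }
```

Without the leading 0 the copy rewrites the guard with its own value and the change to the saved data passes the check; with it, the copy either stops at the guard or alters the guard and is caught.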