Hosting Provided By

Re: Writing Secure code

From: <Valdis.Kletnieks(at)vt.edu>
Date: Fri Dec 27 2002 - 15:50:43 EST

On Fri, 27 Dec 2002 12:46:05 EST, Jeremy Epstein <jepstein@webmethods.com> said:

Wrong.

If you don't link it statically, it's vulnerable to a shared library replacement of the exit() function in libc. This type of error is the basis of all the LD_* exploits.

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

application/pgp-signature attachment: stored

Received on Fri Dec 27 22:48:09 2002

This message: [ Message body ]
Next message: K K Mookhey: "Re: Writing Secure code"
Previous message: John Viega: "Re: Writing Secure code"
In reply to: Jeremy Epstein: "RE: Writing Secure code"
In reply to Oliver Friedrichs: "RE: Writing Secure code"
Next in thread: Valdis.Kletnieks(at)vt.edu: "Re: Writing Secure code"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

Do you need help?