On Thursday 29 August 2002 16:46, you wrote:
> The first three bytes of the name of a rwlock/mutex/semaphore/condvar etc
> are interpreted as the type identifier, the rest of the rid0x83daf50 string
> above is assumed to be the actual address of the thing! No further
> checking is performed by GetObj() to ensure that the provided address is
> actually correct, so you can make up any address you like and pass it to
> ns_rwlock or ns_mutex or whatever with the destroy sub-command and have the
> memory so pointed to over-written!
How would you avoid this? You'd have to introduce a table for matching handle and pointer and get another mutex around that table. This would of course have an impact on speed. So either you have speed, or you're very safe.

Zoran
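The handle table Zoran describes, as an added example that is not AOLserver's code nor either correspondent's: a hypothetical registry where the Tcl-visible handle is a slot index plus a generation counter instead of an address, so a made-up, stale or wrong-typed handle is rejected before any pointer is touched. The ObjType names, function names and slot limit are assumptions.

```c
#include <pthread.h>
#include <stddef.h>
/* Hypothetical handle table (added example, not AOLserver's own code): a handle
 * is (generation << 16 | slot), resolved through a mutex-protected table and
 * never parsed as a raw address. */
#define MAX_HANDLES 64
typedef enum { OBJ_NONE = 0, OBJ_MUTEX, OBJ_RWLOCK } ObjType;
typedef unsigned long Handle;                           /* 0 is never valid */
static struct { ObjType type; unsigned gen; void *ptr; } table[MAX_HANDLES];
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
/* Lock held by caller. Slot index, or 0 if out of range, stale or wrong type. */
static unsigned slot_of(Handle h, ObjType expected) {
    unsigned idx = (unsigned)(h & 0xffff), gen = (unsigned)(h >> 16);
    if (idx == 0 || idx >= MAX_HANDLES) return 0;
    return (table[idx].type == expected && table[idx].gen == gen) ? idx : 0;
}

/* Register an object and hand back an opaque handle (0 if the table is full). */
Handle handle_register(ObjType type, void *ptr) {
    Handle h = 0;
    pthread_mutex_lock(&table_lock);
    for (unsigned i = 1; i < MAX_HANDLES; i++) {
        if (table[i].type == OBJ_NONE) {
            table[i].type = type; table[i].ptr = ptr;
            table[i].gen++;             /* stale handles to this slot now fail */
            h = ((Handle)table[i].gen << 16) | i;
            break;
        }
    }
    pthread_mutex_unlock(&table_lock);
    return h;
}

/* Resolve a handle to its object, or NULL if it does not check out. */
void *handle_lookup(Handle h, ObjType expected) {
    pthread_mutex_lock(&table_lock);
    unsigned idx = slot_of(h, expected);
    void *ptr = idx ? table[idx].ptr : NULL;
    pthread_mutex_unlock(&table_lock);
    return ptr;
}

/* Free the slot; returns 1 on success, 0 if the handle was rejected. */
int handle_destroy(Handle h, ObjType expected) {
    pthread_mutex_lock(&table_lock);
    unsigned idx = slot_of(h, expected);
    if (idx) { table[idx].type = OBJ_NONE; table[idx].ptr = NULL; }
    pthread_mutex_unlock(&table_lock);
    return idx != 0;
}
```

The cost Zoran points out is visible here: every resolve takes the table lock, which is the price of not trusting the string the script hands in.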
