On Wed, Jul 18, 2012 at 10:21:04PM -0600, Theo de Raadt wrote:
> I guess you are talking about mitigation mechanisms.
>
> I am not aware of any stdio protection mechanisms.
well, apart from careful handling of file descriptors everywhere to
make sure fd 0, 1 and 2 remain what they are supposed to be.
-Otto
>
> However, our atexit has a bizzare quirk, as does our malloc.
>
> These functions protect their own internal data structures by
> mprotect()'ing them as non-writeable after updating them.
>
> It isn't worth mentioning in a manual page. But if you dug into
> the source code, and the commit logs, you'd see this cleverness in
> action.
>
> It slows malloc down a little bit, but it makes it a lot harder to
> attack the back-end.
>
> > I'm trying to dig up information on the atexit() and stdio()
> > protection given in the FAQ. I can find lots of statements that this
> > protection exists, but I can't find any presentations or papers saying
> > what they are and what they do. The man pages for these functions
> > don't seem to have anything explicit about this protection.
> >
> > Any pointers? Man pages I should read?
> >
> > Thanks,
> > ==ml
> >
> > --
> > Michael W. Lucas
> > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> > Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
> > mwlu...@michaelwlucas.com, Twitter @mwlauthor
