On Wed, Jul 18, 2012 at 10:21:04PM -0600, Theo de Raadt wrote: > I guess you are talking about mitigation mechanisms. > > I am not aware of any stdio protection mechanisms.
well, apart from careful handling of file descriptors everywhere to make sure fd 0, 1 and 2 remain what they are supposed to be. -Otto > > However, our atexit has a bizzare quirk, as does our malloc. > > These functions protect their own internal data structures by > mprotect()'ing them as non-writeable after updating them. > > It isn't worth mentioning in a manual page. But if you dug into > the source code, and the commit logs, you'd see this cleverness in > action. > > It slows malloc down a little bit, but it makes it a lot harder to > attack the back-end. > > > I'm trying to dig up information on the atexit() and stdio() > > protection given in the FAQ. I can find lots of statements that this > > protection exists, but I can't find any presentations or papers saying > > what they are and what they do. The man pages for these functions > > don't seem to have anything explicit about this protection. > > > > Any pointers? Man pages I should read? > > > > Thanks, > > ==ml > > > > -- > > Michael W. Lucas > > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ > > Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery > > mwlu...@michaelwlucas.com, Twitter @mwlauthor