Re: atexit() and stdio() protection

2012-07-19 Thread Otto Moerbeek
On Wed, Jul 18, 2012 at 10:21:04PM -0600, Theo de Raadt wrote:

 I guess you are talking about mitigation mechanisms.
 
 I am not aware of any stdio protection mechanisms.

well, apart from careful handling of file descriptors everywhere to
make sure fd 0, 1 and 2 remain what they are supposed to be. 

-Otto
 
 However, our atexit has a bizarre quirk, as does our malloc.
 
 These functions protect their own internal data structures by
 mprotect()'ing them as non-writeable after updating them.
 
 It isn't worth mentioning in a manual page.  But if you dug into
 the source code, and the commit logs, you'd see this cleverness in
 action.
 
 It slows malloc down a little bit, but it makes it a lot harder to
 attack the back-end.
 
  I'm trying to dig up information on the atexit() and stdio()
  protection given in the FAQ. I can find lots of statements that this
  protection exists, but I can't find any presentations or papers saying
  what they are and what they do. The man pages for these functions
  don't seem to have anything explicit about this protection.
  
  Any pointers? Man pages I should read?
  
  Thanks,
  ==ml
  
  -- 
  Michael W. Lucas
  http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
  Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
  mwlu...@michaelwlucas.com, Twitter @mwlauthor



Re: atexit() and stdio() protection

2012-07-18 Thread Theo de Raadt
I guess you are talking about mitigation mechanisms.

I am not aware of any stdio protection mechanisms.

However, our atexit has a bizarre quirk, as does our malloc.

These functions protect their own internal data structures by
mprotect()'ing them as non-writeable after updating them.

It isn't worth mentioning in a manual page.  But if you dug into
the source code, and the commit logs, you'd see this cleverness in
action.

It slows malloc down a little bit, but it makes it a lot harder to
attack the back-end.

 I'm trying to dig up information on the atexit() and stdio()
 protection given in the FAQ. I can find lots of statements that this
 protection exists, but I can't find any presentations or papers saying
 what they are and what they do. The man pages for these functions
 don't seem to have anything explicit about this protection.
 
 Any pointers? Man pages I should read?
 
 Thanks,
 ==ml
 
 -- 
 Michael W. Lucas  
 http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
 Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
 mwlu...@michaelwlucas.com, Twitter @mwlauthor
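
The pattern described in the message above (internal bookkeeping kept on a page that is mprotect()'ed non-writable except during an update), as an added example that is not part of the thread and is not OpenBSD's libc source. The `table` layout and all function names are hypothetical; it assumes a POSIX system with `MAP_ANON`.

```c
#define _DEFAULT_SOURCE          /* MAP_ANON, sigaction on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

typedef void (*handler_fn)(void);
struct table { size_t count; handler_fn fns[32]; };   /* hypothetical layout */
static struct table *tbl;
static size_t tbl_len;
static sigjmp_buf jb;

/* Map a private page for the table and leave it read-only. */
int table_init(void) {
    tbl_len = (size_t)sysconf(_SC_PAGESIZE);
    tbl = mmap(NULL, tbl_len, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (tbl == MAP_FAILED) return -1;
    tbl->count = 0;
    return mprotect(tbl, tbl_len, PROT_READ);
}

/* The page is writable only for the duration of the update. */
int table_register(handler_fn fn) {
    int rc = -1;
    if (mprotect(tbl, tbl_len, PROT_READ | PROT_WRITE) != 0) return -1;
    if (tbl->count < 32) { tbl->fns[tbl->count++] = fn; rc = 0; }
    if (mprotect(tbl, tbl_len, PROT_READ) != 0) return -1;
    return rc;
}

size_t table_count(void) { return tbl->count; }
static void on_fault(int sig) { (void)sig; siglongjmp(jb, 1); }
static void sample_handler(void) { }                  /* constructed sample */

/* Simulate a stray write from elsewhere: returns 1 if it faulted. */
int stray_write_faults(void) {
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 1;
    sa.sa_handler = on_fault; sa.sa_flags = 0; sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv); sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(jb, 1) == 0) { *(volatile size_t *)&tbl->count = 9999; faulted = 0; }
    sigaction(SIGSEGV, &old_segv, NULL); sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void) {
    if (table_init() != 0 || table_register(sample_handler) != 0) return 1;
    printf("stray write faulted: %d, entries: %zu\n", stray_write_faults(), table_count());
    return 0;
}
```

Each registration costs two mprotect() calls, which is the kind of slowdown the message mentions for malloc.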