> On Jul 27, 2017, at 10:02 AM, petern <[email protected]> wrote: > > Are you able to put two facts together? > > What prevents stack busting or other code injection attacks on an otherwise > valid pseudo-null pointer by simply decoding the address space and > observing where strcmp() loads a register to one of the pointer "keys" > you've insisted be conveniently published for hackers in the data segment?
Peter, you’re (a) assuming a lot of specialized domain knowledge, by using jargon and referring to highly technical papers; (b) referring vaguely to threats instead of describing a clear problem or attack vector; (c) speaking very condescendingly to the people you’re trying to convince. None of these help your case at all. I’m interested in the security implications of this API, and I’ve got some security knowledge, but not apparently enough to follow along. Richard is right: please describe clearly a situation where this API results in an attack vector. —Jens _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
