On Mon, 26 Jun 2006, [EMAIL PROTECTED] wrote:
> Ok, I missed one important bit of info. Plus, MARC archives when searching for
> author don't support restricting to one ML. So, here's the link to the
> discussion within UML-devel. Which is just a pointer to the issue (he surely
> doesn't explain here the security issues).

Oh, it was on *l-k*. Right.

The security issue is (probably) that attackers can stick stuff into a jmp_buf if they can successfully execute arbitrary code in some (buggy) function, and thus can trigger a later longjmp() by the application which would go somewhere unexpected. glibc fixes this by xoring the pointers in the jmp_buf with (IIRC) a TLS-stored random cookie (much as -fstack-protector sticks a TLS-stored random cookie on the stack; obviously it can't actually modify the on-stack return address, so that is the next best thing).

A shame Roland wasn't listening in: he made the original changes and he's a lot more, well, *helpful* than Ulrich... he'll say what the problem is where Ulrich will just growl at you.

--
`NB: Anyone suggesting that we should say "Tibibytes" instead of Terabytes there will be hunted down and brutally slain. That is all.' --- Matthew Wilcox

_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
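
The XOR-with-a-cookie scheme described in the message above, modelled side by side with raw pointer storage. This is an added example, not part of the original post and not glibc's code; `struct saved_ctx`, `guard`, the `model_*` functions and all addresses are hypothetical, constructed names and values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a saved jump context; a real jmp_buf is
   architecture-specific and holds more registers. */
struct saved_ctx { uintptr_t pc; uintptr_t sp; };

/* Stand-in for the per-thread random cookie (constructed value). */
static uintptr_t guard = (uintptr_t)0x5bd1e995a3c4f17bULL;

/* guarded=1 models the XOR scheme, guarded=0 models raw pointer storage. */
static uintptr_t encode(uintptr_t p, int guarded) { return guarded ? p ^ guard : p; }
static uintptr_t decode(uintptr_t v, int guarded) { return guarded ? v ^ guard : v; }

/* What a setjmp()-style save would record in the buffer. */
void model_save(struct saved_ctx *c, uintptr_t pc, uintptr_t sp, int guarded)
{
    c->pc = encode(pc, guarded);
    c->sp = encode(sp, guarded);
}

/* Where a longjmp()-style restore would transfer control. */
uintptr_t model_restore_pc(const struct saved_ctx *c, int guarded)
{
    return decode(c->pc, guarded);
}

/* An untouched buffer must restore the pc that was saved. Returns 1 if so. */
int roundtrip_ok(uintptr_t pc, int guarded)
{
    struct saved_ctx c;
    model_save(&c, pc, 0x7ffd1000u, guarded);
    return model_restore_pc(&c, guarded) == pc;
}

/* Overwrite the stored pc slot with a raw value, as a memory-corruption bug
   would, and report whether the restore lands exactly on that value. */
int overwrite_redirects(uintptr_t legit_pc, uintptr_t written, int guarded)
{
    struct saved_ctx c;
    model_save(&c, legit_pc, 0x7ffd1000u, guarded);
    c.pc = written;   /* raw value, written without knowledge of the cookie */
    return model_restore_pc(&c, guarded) == written;
}

int main(void)
{
    printf("raw storage: overwrite redirects = %d\n", overwrite_redirects(0x401000u, 0x402000u, 0));
    printf("xor storage: overwrite redirects = %d\n", overwrite_redirects(0x401000u, 0x402000u, 1));
    printf("xor storage: clean round trip    = %d\n", roundtrip_ok(0x401000u, 1));
    return 0;
}
```

In the guarded case the restore lands on the written value XORed with the cookie, so the protection holds only as long as the cookie stays secret from whoever can write into the buffer.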