lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20020915041519.A3244@hamsec.aurora.sfo.interquest.net>
From: silvio at big.net.au (silvio@....net.au)
Subject: glibc pedant

glibc 2.1.3

/* Initialization routine. */
#if defined(_LIBC)
#if 0
static void ptmalloc_init __MALLOC_P ((void)) __attribute__ ((constructor));
#endif

[ skip ]

 if(__malloc_initialized >= 0) return;
  __malloc_initialized = 0;


<sarcasm>
hmm..  well, notice that there is no synchronization for this - experts
call that a race condition.
</sarcasm>

<serious>
the constructor part is interesting.. since it would have been forcibly
serialized (asusming ctors are serialized).

exploitable.. i doubt it, but someone can try I guess.

known.. but its mainly pedantic I guess.
</serious>

<pedant>
i might start a pedantic security mailing list one day possibly.. Have to
think about it first, document it, and then think about it some more
again.  Hmm.. wait, that's not the best approach to take for this particular
issue *ponder*.
</pedant>

--
Silvio


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ