Message-ID: <20020915041519.A3244@hamsec.aurora.sfo.interquest.net>
From: silvio at big.net.au (silvio@....net.au)
Subject: glibc pedant
glibc 2.1.3
/* Initialization routine. */
#if defined(_LIBC)
#if 0
static void ptmalloc_init __MALLOC_P ((void)) __attribute__ ((constructor));
#endif
[ skip ]
if(__malloc_initialized >= 0) return;
__malloc_initialized = 0;
<sarcasm>
hmm.. well, notice that there is no synchronization for this - experts
call that a race condition.
</sarcasm>
<serious>
the constructor part is interesting.. since it would have been forcibly
serialized (assuming ctors are serialized).
exploitable.. i doubt it, but someone can try I guess.
known.. but it's mainly pedantic I guess.
</serious>
<pedant>
i might start a pedantic security mailing list one day possibly.. Have to
think about it first, document it, and then think about it some more
again. Hmm.. wait, that's not the best approach to take for this particular
issue *ponder*.
</pedant>
--
Silvio
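As an added example (not glibc code and not part of the message above), a small C program that places the check-then-set shape of the ptmalloc_init excerpt beside a synchronized one-time initializer built on pthread_once, the standard fix when a constructor cannot be relied on to serialize the call. Every name in it (racy_init, safe_init, count_racy_init_runs, count_safe_init_runs, NTHREADS) is constructed for the demo; the spin loop only widens the race window so the duplicate run is easier to observe.

```c
/* One-time initialization: unsynchronized check-then-set (the shape of the
 * glibc 2.1.3 excerpt) beside a pthread_once version that runs exactly once.
 * Added example; not glibc code. Build with: cc -pthread demo.c */
#include <pthread.h>
#include <stdio.h>

#define NTHREADS 8

/* --- racy variant: same flag test as ptmalloc_init, no lock around it --- */
static volatile int racy_initialized = -1;  /* -1 = not yet initialized */
static volatile int racy_body_runs = 0;     /* how many threads ran the body */

static void racy_init(void)
{
    if (racy_initialized >= 0) return;      /* check ... */
    for (volatile int i = 0; i < 200000; i++) ; /* widen the window (demo only) */
    racy_initialized = 0;                   /* ... then act; two threads can get here */
    racy_body_runs++;                       /* may count more than once */
}

/* --- synchronized variant: pthread_once serializes the initializer --- */
static pthread_once_t safe_once = PTHREAD_ONCE_INIT;
static int safe_body_runs = 0;

static void safe_init_body(void)
{
    safe_body_runs++;                       /* runs exactly once per process */
}

static void safe_init(void)
{
    pthread_once(&safe_once, safe_init_body);
}

/* Thread entry points: each thread simply calls one of the initializers. */
static void *racy_thread(void *arg) { (void)arg; racy_init(); return NULL; }
static void *safe_thread(void *arg) { (void)arg; safe_init(); return NULL; }

/* Start NTHREADS threads running thread_fn concurrently and wait for them. */
static void run_threads(void *(*thread_fn)(void *))
{
    pthread_t tid[NTHREADS];
    for (int i = 0; i < NTHREADS; i++)
        pthread_create(&tid[i], NULL, thread_fn, NULL);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(tid[i], NULL);
}

/* Number of times the racy body ran across NTHREADS callers:
 * 1 when the threads happen not to collide, more when the race hits. */
int count_racy_init_runs(void)
{
    run_threads(racy_thread);
    return racy_body_runs;
}

/* Number of times the pthread_once body ran: always 1, however often called. */
int count_safe_init_runs(void)
{
    run_threads(safe_thread);
    return safe_body_runs;
}

int main(void)
{
    printf("racy init body ran %d time(s) for %d threads\n",
           count_racy_init_runs(), NTHREADS);
    printf("pthread_once body ran %d time(s) for %d threads\n",
           count_safe_init_runs(), NTHREADS);
    return 0;
}
```

The racy count is nondeterministic by construction, which is the point: an initializer guarded only by a plain flag test has no defined behaviour under concurrent first calls, whereas pthread_once (or a constructor the loader runs before any thread exists) gives a single, ordered run.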