Subject: Re: CVS commit: src/usr.sbin/rtsold
To: None <source-changes@netbsd.org>
From: Christoph Badura <bad@bsd.de>
List: source-changes
Date: 01/03/2004 22:48:56
On Sat, Jan 03, 2004 at 12:39:17PM -0500, Nathan J. Williams wrote:
> I think that the judgement that atexit is "very dangerous" is
> overblown, having looked at the description of the problem. It's
> essentially complaining that there's a function pointer in libc that's
> used by all programs, so a vulnerability is introduced once an
> attacker has gained the ability to overwrite arbitrary locations in
> memory.
Especially when there are more function pointers used by libc.
E.g. the ones in struct FILE, easily locatable via std{in,out,err}.
Or the ones used by the DB library (used, e.g., by the getpw* family
of functions). And that is only the tip of the iceberg, I'm sure.
This is worse than normal paranoia. "Fixing" the atexit() machinery and
neglecting the other gazillion interfaces and then claiming to have removed
a class of vulnerabilities is a kind of spin that sets new standards.
--chris