[3988] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: modifing libc to discover gets()/sprintf() calls

daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jan 30 19:06:49 1997

Date: 	Thu, 30 Jan 1997 21:28:55 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         csh@VIEWGRAPHICS.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199701291914.LAA04017@viewgraphics.com> from "Chris Sheldon" at
              Jan 29, 97 11:14:12 am

> The only big problem I is that any difference between the libc.a and
> the running libc.so shared library would become painfully obvious
> after creating and installing the new shared library with the
> printf modifications.

Well one other approach would be to use some kind of ELF extension to
mark a symbol of type 'text, insecure'. Then the linker would link the binary
and report

fooprog: symbol _gets is insecure
fooprog: symbol _sprintf is insecure

Alan


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3988] in bugtraq

Re: modifing libc to discover gets()/sprintf() calls

daemon@ATHENA.MIT.EDU (Alan Cox)Thu Jan 30 19:06:49 1997

daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jan 30 19:06:49 1997