Patch to execve

Joerg Sonnenberger joerg at britannica.bec.de
Tue Mar 1 02:45:30 PST 2005


On Mon, Feb 28, 2005 at 03:49:11PM -0800, Kevin M. Kilbride wrote:
> It is precisely that difference I am talking about, Joerg. This code is 
> safe:
> 
>    void function(void) {
>       char *x = "some string";
>       potential_string_modifier(x);
>    }
> 
> This code is not safe:
> 
>    void function(void) {
>      char x[] = "some string";
>      potential_string_modifier(x);
>    }
> 
> In the first case, if the potential modifier attempts to write to the 
> string, the program will die. As I pointed out previously, dead programs 
> are always safe. In the second case, if the potential modifier attempts 
> to write to the string, it will succeed---even if it overwrites the 
> stack. It is exercises similar to this that permit stack overflow 
> exploits. Moreover, passing truly-writable copies prevents you from 
> later finding any calls that should not be modifying strings, but which 
> actually do.

This is NOT about buffer overflows. There are a lot of uses for writable
strings besides buffer overflows. One (perhaps bad) example is mktemp.
The problem with the first example is that the compiler is free to place
"some string" in a read-only data section, any modification can recreate
a segfault. Sure, you have to check for overflows, but you have to do
that for any kind of strings anyway.

You've just proven my point :)

Joerg
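An added example, not code from either mail, of the mktemp-style case Joerg raises: the libc call rewrites the caller's buffer in place, so the caller must hand it a writable array copy rather than a pointer at a literal that may sit in a read-only section. It uses mkstemp (the safer sibling that also opens the file); the function names and the /tmp path prefix are this example's own choices. Compiling with -Wwrite-strings makes the compiler flag the literal-pointer variant before it reaches a run-time fault.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if the buffer still carries the "XXXXXX" placeholder, 0 otherwise. */
int has_template_placeholder(const char *s) {
    return strstr(s, "XXXXXX") != NULL;
}

/*
 * Create a temporary file from a caller-supplied, WRITABLE template.
 * mkstemp() overwrites the trailing "XXXXXX" in the buffer it is given,
 * which is exactly why `char *p = "/tmp/fooXXXXXX"; mkstemp(p);` is wrong:
 * the literal may live in .rodata and the write faults (or, worse, silently
 * succeeds on platforms that leave .rodata writable). Returns fd or -1.
 */
int make_temp_file(char *template_buf) {
    return mkstemp(template_buf);
}

/*
 * The safe pattern: an array initialised from the literal is a private,
 * writable copy on the stack, sized exactly to the string.
 * Returns 1 if mkstemp rewrote the buffer, 0 if it did not, -1 on error.
 */
int demo_writable_template(void) {
    char tmpl[] = "/tmp/submit-demo-XXXXXX";   /* writable copy, not a pointer to a literal */
    int fd = make_temp_file(tmpl);
    if (fd < 0)
        return -1;
    int modified = !has_template_placeholder(tmpl);
    close(fd);
    unlink(tmpl);          /* tmpl now holds the real name, so cleanup works */
    return modified;       /* 1: the placeholder was replaced in place */
}

int main(void) {
    printf("template rewritten in place: %d\n", demo_writable_template());
    return 0;
}
```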
