Dailydave mailing list archives
Re: Dangling pointers exploitation
From: "Thomas Ptacek" <tqbf () matasano com>
Date: Wed, 25 Jul 2007 14:03:12 -0500
I'm not sure "saved return address on the stack" is the real vector for uninitialized variables. On 7/25/07, pageexec () freemail hu <pageexec () freemail hu> wrote:
On 25 Jul 2007 at 12:02, Thomas Ptacek wrote:you have a pointer who's value seems unpredictable but is in fact strongly influenced by the execution environment which is in turn often influenced by inputs and timing.such as... a saved return address on the stack? isn't that kinda old news these days? ;-)
-- --- Thomas H. Ptacek // matasano security read us on the web: http://www.matasano.com/log _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Dangling pointers exploitation, (continued)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation jf (Jul 25)
- Re: Dangling pointers exploitation Pusscat (Jul 25)
- Re: Dangling pointers exploitation Chris Rohlf (Jul 25)
- Re: Dangling pointers exploitation Matt (Jul 25)
- Re: Dangling pointers exploitation pageexec (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)
- Re: Dangling pointers exploitation pageexec (Jul 25)
- Re: Dangling pointers exploitation Tyler Krpata (Jul 25)
- Re: Dangling pointers exploitation Thomas Ptacek (Jul 25)