18 May 2006 Marcus   » (Master)

New glibc security things: Pointer obfuscation

glibc 2.4 (shipped in SUSE Linux 10.1) introduces pointer obfuscation, also called pointer mangling. On program startup a random guard value is read from /dev/urandom; selected function pointers and saved register values are xor'ed with this guard (and on x86 additionally rotated) when they are stored into a data structure, and decoded again when they are loaded for use. An attacker who overwrites such a slot with a raw address therefore does not get control: the value is decoded with a guard he does not know, and the result points somewhere unpredictable instead of at his code.

This goes for:

  • jmp_bufs (setjmp/longjmp), which a stack overflow could otherwise use to execute code. If you could overwrite the saved stack pointer or the saved return address inside a jmp_buf (which usually lives on the stack as well), longjmp would restore those registers for you, and you could exploit the overflow without ever tripping a stack canary, since the canary check in the function epilogue is simply skipped.
  • atexit() handlers, in case the attacker overwrites the heap and the function pointers recorded there; these get called on exit() no matter how the program reaches it.
  • iconv / gconv related function pointers (the conversion step tables).
One more way of hijacking the control flow is gone.
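To make the mechanism concrete, here is an added example (written for this page, not glibc's code) of a miniature PTR_MANGLE / PTR_DEMANGLE around an atexit()-style handler slot. The encoding mirrors glibc's x86 scheme, xor with a per-process guard followed by a rotate; the rotate amount of 17 bits is the x86-64 value and is an assumption of this demo. The "attacker" is simulated by a plain store into the slot, standing in for the heap or stack overwrite the post describes; the decoded value is returned rather than called, so a bad pointer cannot crash the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed rotate amount: glibc uses rol $17 on x86-64 and rol $9 on i386. */
#define PTR_BITS (8u * (unsigned)sizeof(uintptr_t))
#define ROT      17u

static uintptr_t rol(uintptr_t v, unsigned n) { return (v << n) | (v >> (PTR_BITS - n)); }
static uintptr_t ror(uintptr_t v, unsigned n) { return (v >> n) | (v << (PTR_BITS - n)); }

/* Encode a pointer before storing it in a long-lived data structure. */
uintptr_t ptr_mangle(uintptr_t p, uintptr_t guard)   { return rol(p ^ guard, ROT); }
/* Decode it again right before it is used. */
uintptr_t ptr_demangle(uintptr_t m, uintptr_t guard) { return ror(m, ROT) ^ guard; }

/* Per-process guard, read once at startup the way glibc 2.4 did it. */
uintptr_t read_pointer_guard(void)
{
    uintptr_t g = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) {
        if (fread(&g, sizeof g, 1, f) != 1)
            g = 0;
        fclose(f);
    }
    if (g == 0)   /* fallback if /dev/urandom is unavailable: weak, demo only */
        g = (uintptr_t)&g ^ (uintptr_t)0x5bd1e995u;
    return g;
}

/* Stand-in for one entry of an atexit()-style handler table. */
struct handler_slot { uintptr_t stored; };

typedef void (*handler_fn)(void);
static int legit_calls, evil_calls;
static void legit_handler(void) { legit_calls++; }
static void evil_handler(void)  { evil_calls++; }   /* the attacker's target */

void register_handler(struct handler_slot *s, handler_fn fn, uintptr_t guard, int mangle)
{
    uintptr_t p = (uintptr_t)fn;
    s->stored = mangle ? ptr_mangle(p, guard) : p;
}

/* The address the dispatcher would jump to (returned, not called). */
uintptr_t resolve_handler(const struct handler_slot *s, uintptr_t guard, int mangle)
{
    return mangle ? ptr_demangle(s->stored, guard) : s->stored;
}

/* Scenario 0: no corruption; mangled storage round-trips to the right function. */
int roundtrip_ok(uintptr_t guard)
{
    struct handler_slot s;
    register_handler(&s, legit_handler, guard, 1);
    handler_fn fn = (handler_fn)resolve_handler(&s, guard, 1);
    legit_calls = 0;
    fn();
    return legit_calls == 1;
}

/* Scenario 1: raw storage. The simulated overflow write replaces the slot
 * with evil_handler's address and the attacker wins outright. */
int attack_raw_storage(void)
{
    struct handler_slot s;
    register_handler(&s, legit_handler, 0, 0);
    s.stored = (uintptr_t)evil_handler;                 /* simulated overflow write */
    return resolve_handler(&s, 0, 0) == (uintptr_t)evil_handler;
}

/* Scenario 2: mangled storage, guard unknown. The same write is decoded with
 * a guard the attacker never saw, so it lands somewhere unpredictable. */
int attack_mangled_storage(uintptr_t guard)
{
    struct handler_slot s;
    register_handler(&s, legit_handler, guard, 1);
    s.stored = (uintptr_t)evil_handler;                 /* simulated overflow write */
    return resolve_handler(&s, guard, 1) == (uintptr_t)evil_handler;
}

/* Scenario 3: the guard leaked (info leak, or one known mangled pointer was
 * read back). The attacker pre-mangles the target and the defense is gone. */
int attack_with_leaked_guard(uintptr_t guard)
{
    struct handler_slot s;
    register_handler(&s, legit_handler, guard, 1);
    s.stored = ptr_mangle((uintptr_t)evil_handler, guard);   /* pre-mangled write */
    return resolve_handler(&s, guard, 1) == (uintptr_t)evil_handler;
}

int main(void)
{
    uintptr_t guard = read_pointer_guard();
    printf("round trip ok:              %d\n", roundtrip_ok(guard));
    printf("raw slot hijacked:          %d\n", attack_raw_storage());
    printf("mangled slot hijacked:      %d\n", attack_mangled_storage(guard));
    printf("hijacked with leaked guard: %d\n", attack_with_leaked_guard(guard));
    return 0;
}
```

Two caveats follow directly from the third scenario. The guard is a per-process secret shared by every mangled pointer, so a read primitive against it (glibc keeps it in the thread control block) or against a single mangled slot whose plaintext the attacker already knows (guard = ror(m) ^ p) recovers it and restores the old attack. And only the slots glibc chooses to mangle are covered: function pointers in your own heap objects get no protection unless you mangle them yourself. The rotate step is there so that a partial overwrite of the stored value does not translate into a partial overwrite of the decoded pointer, which plain xor would allow.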

