Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Secure Programming
Writing Secure code Dec 27 2002 12:46PM
Rahul Chander Kashyap (rahul nsecure net) (6 replies)
Re: Writing Secure code Dec 28 2002 03:36AM
K K Mookhey (cto nii co in)
Re: Writing Secure code Dec 27 2002 11:16PM
Bob Bruen (coldrain sover net)
Re: Writing Secure code Dec 27 2002 06:17PM
Dana Epp (dana vulscan com)
Re: Writing Secure code Dec 27 2002 06:03PM
Valdis Kletnieks vt edu (2 replies)
Re: Writing Secure code Dec 28 2002 07:40AM
Glynn Clements (glynn clements virgin net) (2 replies)
Re: Writing Secure code Dec 29 2002 12:35AM
Cesar (cesarc56 yahoo com)
Re: Writing Secure code Dec 28 2002 07:04PM
Crispin Cowan (crispin wirex com)
RE: Writing Secure code Dec 27 2002 08:51PM
Roger Alexander (rta cs colostate edu) (1 replies)
RE: Writing Secure code Dec 30 2002 12:41PM
Matt McClellan (mmcclellan nfr com) (2 replies)
RE: Writing Secure code Jan 01 2003 02:46AM
peleus (peleus peleus net) (1 replies)
RE: Writing Secure code Jan 03 2003 04:36AM
Timo Sirainen (tss iki fi)
Re: Writing Secure code[update] Dec 31 2002 10:20AM
Rahul Chander Kashyap (rahul nsecure net) (2 replies)
Re: Writing Secure code[update] Jan 01 2003 12:21PM
K K Mookhey (cto nii co in) (2 replies)
Re: Writing Secure code[update] Jan 04 2003 12:31AM
Warwick Molloy (wmolloy optushome com au)
Re: Writing Secure code[update] Jan 02 2003 11:55PM
Alex Russell (alex netWindows org)
Re: Writing Secure code[update] Dec 31 2002 08:28PM
Crispin Cowan (crispin wirex com)
RE: Writing Secure code Dec 27 2002 05:46PM
Jeremy Epstein (jepstein webmethods com) (1 replies)
Re: Writing Secure code Dec 27 2002 08:50PM
Valdis Kletnieks vt edu
On Fri, 27 Dec 2002 12:46:05 EST, Jeremy Epstein <jepstein (at) webmethods (dot) com [email concealed]> said:

> main() { exit(0); }
>
> is completely secure and not exploitable. Beyond that, you're on your own

Wrong.

If you don't link it statically, it's vulnerable to a shared library replacement
of the exit() function in libc. This type of error is the basis of all
the LD_* exploits.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

[ reply ]
Re: Writing Secure code Dec 27 2002 05:43PM
John Viega (viega list org) (2 replies)
Re: Writing Secure code Dec 27 2002 09:54PM
Alex Russell (alex netWindows org) (1 replies)
Re: Writing Secure code Dec 27 2002 08:57PM
John Viega (viega list org)
RE: Writing Secure code Dec 27 2002 08:59PM
Matt McClellan (mcc nfr com) (1 replies)
Re: Writing Secure code Dec 27 2002 09:06PM
John Viega (viega list org)







 

Privacy Statement
Copyright 2009, SecurityFocus