[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#63063: CVE-2021-36699 report
From: |
Po Lu |
Subject: |
bug#63063: CVE-2021-36699 report |
Date: |
Tue, 25 Apr 2023 20:59:16 +0800 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Eli Zaretskii <eliz@gnu.org> writes:
> How do you "easily" figure out the offset from some arbitrary data
> address to the current stack pointer, and do that in advance,
> i.e. before the target program even runs?
The reason I put ``easy'' in quotes was because it's ``easy'' in the
eyes of the people running the CVE registry. To them, any kind of bug
(or perhaps even intended crash) is a security problem.
> The pdumper file is data, not code. It is loaded into the data
> segment. And executable code segments are usually write-protected.
Only some kinds of CPU make the distinction between executable and
readable pages.
> I don't think this is relevant. But based on what the code does, I
> don't see why this should be considered a security issue.
It's not, indeed.
The glaringly obvious reason being that only the site administrator, or
the user himself, can replace the dump file with something else.
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report,
Po Lu <=
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Po Lu, 2023/04/25
- bug#63063: CVE-2021-36699 report, lux, 2023/04/25
- bug#63063: CVE-2021-36699 report, Eli Zaretskii, 2023/04/25
- bug#63063: CVE-2021-36699 report, Robert Pluim, 2023/04/25
- bug#63063: CVE-2021-36699 report, lux, 2023/04/25
- bug#63063: CVE-2021-36699 report, Richard Stallman, 2023/04/25
bug#63063: CVE-2021-36699 report, fuomag9, 2023/04/25