|
| From: | Paul Eggert |
| Subject: | Re: Preview: portable dumper |
| Date: | Tue, 29 Nov 2016 14:01:35 -0800 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 |
On 11/29/2016 01:50 PM, Daniel Colascione wrote:
* We do store function pointers in the dump, and an attacker could theoretically overwrite one of these to point where she wanted --- but with all PROT_EXEC code in the process being randomized, where would she point the function pointer that's under her control?
I'm more worried about the next level up. Although the dump is pure data to the machine, it's not pure data to Elisp. Since the dump would contain bytecodes, if attackers can alter the bytecodes then they can execute whatever Elisp code they want.
| [Prev in Thread] | Current Thread | [Next in Thread] |