[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preview: portable dumper

From: Paul Eggert
Subject: Re: Preview: portable dumper
Date: Tue, 29 Nov 2016 14:01:35 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 11/29/2016 01:50 PM, Daniel Colascione wrote:
* We do store function pointers in the dump, and an attacker could
   theoretically overwrite one of these to point where she wanted --- but
   with all PROT_EXEC code in the process being randomized, where would
   she point the function pointer that's under her control?

I'm more worried about the next level up. Although the dump is pure data to the machine, it's not pure data to Elisp. Since the dump would contain bytecodes, if attackers can alter the bytecodes then they can execute whatever Elisp code they want.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]