This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Pointer guard for static binaries?
- From: Roland McGrath <roland at redhat dot com>
- To: Ulrich Drepper <drepper at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 4 Jan 2006 10:39:00 -0800 (PST)
- Subject: Re: Pointer guard for static binaries?

> Roland McGrath wrote:
> > It's not clear to me why x86-64 should put the global
> > pointer-guard value in tcbhead_t, given that it's only used in libc.so
> > and so a local symbol there could be used.
>
> Because it is so easy to access the value it is a weakness. The TCB
> address is not at a constant relative address to the libc code and
> therefore accessing the value is much harder.

Really? If you have exploit code running, can't it use %fs:N easily enough?
That N is even constant across many libc builds that may well place the
local data slot at different offsets from some other bit of code.

Thanks,
Roland