From: silvio@big.net.au
To: full-disclosure@lists.netsys.com
Date: Sun, 15 Sep 2002 04:15:19 -0700
Subject: glibc pedant
Message-ID: <20020915041519.A3244@hamsec.aurora.sfo.interquest.net>
User-Agent: Mutt/1.2.5i

glibc 2.1.3

    /* Initialization routine. */

    #if defined(_LIBC)
    #if 0
    static void ptmalloc_init __MALLOC_P ((void)) __attribute__ ((constructor));
    #endif

    [ skip ]

      if(__malloc_initialized >= 0) return;
      __malloc_initialized = 0;

Hmm.. well, notice that there is no synchronization for this - experts call that a race condition.

The constructor part is interesting.. since it would have been forcibly serialized (assuming ctors are serialized).

Exploitable.. I doubt it, but someone can try I guess.

Known.. but it's mainly pedantic I guess.

I might start a pedantic security mailing list one day possibly.. Have to think about it first, document it, and then think about it some more again.

Hmm.. wait, that's not the best approach to take for this particular issue *ponder*.

--
Silvio
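As an added illustration (not part of Silvio's post and not glibc's code), the check-then-store window in the quoted fast path replayed step by step, beside a compare-and-swap version that closes it. The struct and function names are ours; the -1 / 0 / 1 state convention is assumed from the quoted lines (-1 not started, 0 in progress, 1 done), and the two interleavings are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
/* Model of the quoted fast path. Names are ours, not glibc's.
 * state: -1 = not started, 0 = in progress, 1 = done (assumed convention). */
struct initer {
    int state;
    int runs;       /* how many times the init body executed */
    int pending[2]; /* per thread: 1 = passed the check, store not yet done */
};

/* Unsynchronized: the ">= 0" check and the "= 0" store are separate steps,
 * so a second thread can pass the check before the first has stored 0. */
static void racy_check(struct initer *m, int t) { if (m->state < 0) m->pending[t] = 1; }
static void racy_set(struct initer *m, int t) {
    if (!m->pending[t]) return;
    m->pending[t] = 0;
    m->state = 0;   /* __malloc_initialized = 0; */
    m->runs++;      /* the initialization body */
    m->state = 1;
}

/* Serialized: one atomic compare-and-swap replaces check + store, so only
 * the thread that moves -1 -> 0 runs the body; everyone else sees >= 0. */
static void cas_init(struct initer *m) {
    int expected = -1;
    if (__atomic_compare_exchange_n(&m->state, &expected, 0, false,
                                    __ATOMIC_ACQ_REL, __ATOMIC_ACQUIRE)) {
        m->runs++;
        __atomic_store_n(&m->state, 1, __ATOMIC_RELEASE);
    }
}

/* Replay a fixed interleaving of (thread, phase) steps, phase 0 = check,
 * 1 = store; returns how many times the init body ran. */
static int replay(bool serialized, const int steps[][2], size_t n) {
    struct initer m = { -1, 0, { 0, 0 } };
    for (size_t i = 0; i < n; i++) {
        if (serialized) { if (steps[i][1] == 0) cas_init(&m); }
        else if (steps[i][1] == 0) racy_check(&m, steps[i][0]);
        else racy_set(&m, steps[i][0]);
    }
    return m.runs;
}

int racy_runs(const int steps[][2], size_t n) { return replay(false, steps, n); }
int serialized_runs(const int steps[][2], size_t n) { return replay(true, steps, n); }

/* Constructed interleavings: both threads check before either stores (the
 * window the post points at) versus one thread finishing before the other checks. */
const int both_check_first[4][2] = { {0,0}, {1,0}, {0,1}, {1,1} };
const int one_then_other[4][2]   = { {0,0}, {0,1}, {1,0}, {1,1} };
```

With the racy version, both_check_first runs the init body twice; the CAS version runs it once under either interleaving.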