Cuberite ForumOff TopicOff Topic Discussion
Evil code

Linear Mode
Evil code
xoft Offline
Cuberite Developer
******
Posts: 6,486
Threads: 176
Joined: Jan 2012
Thanks: 40
Given 156 thank(s) in 838 post(s)
#12
02-12-2016, 05:12 AM
This is all fine as long as you have *const* data. The problem is, normally you don't. Quite a few programs have a global "buffer" object of a kind that they use for whatever buffering is needed, naturally it's stored in the writable data section. But on Windows, this still means code cannot execute from that location, so attacks cannot simply stuff data into that buffer and make it execute. On Linux, such an attack vector (oh so common for all the zero-day exploits) is perfectly viable. That, in my opinion, is very unsafe.
Find
Reply
Thanks given by:


Messages In This Thread
Evil code - by xoft - 02-10-2016, 12:09 AM
RE: Evil code - by xoft - 02-10-2016, 12:21 AM
RE: Evil code - by LogicParrot - 02-10-2016, 12:37 AM
RE: Evil code - by Barracuda72 - 02-11-2016, 11:55 PM
RE: Evil code - by Schwertspize - 02-10-2016, 12:54 AM
RE: Evil code - by tonibm19 - 02-11-2016, 06:32 AM
RE: Evil code - by tigerw - 02-11-2016, 07:55 AM
RE: Evil code - by DrMasik - 02-11-2016, 08:09 AM
RE: Evil code - by xoft - 02-11-2016, 05:47 PM
RE: Evil code - by sphinxc0re - 02-11-2016, 06:06 PM
RE: Evil code - by xoft - 02-11-2016, 07:39 PM
RE: Evil code - by xoft - 02-12-2016, 05:12 AM
RE: Evil code - by Barracuda72 - 02-12-2016, 08:01 AM
RE: Evil code - by LogicParrot - 02-12-2016, 05:21 AM
RE: Evil code - by xoft - 02-12-2016, 06:44 PM
RE: Evil code - by xoft - 02-12-2016, 06:56 PM
RE: Evil code - by Barracuda72 - 02-12-2016, 10:14 PM
RE: Evil code - by xoft - 02-12-2016, 07:06 PM
RE: Evil code - by xoft - 02-12-2016, 07:21 PM
RE: Evil code - by LogicParrot - 02-12-2016, 11:30 PM



Users browsing this thread: 2 Guest(s)