Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


Hi Marc-André,

On Friday, 2011-08-05 10:04:14 +0530, Marc-André Laverdière wrote:

I recall that some exploits in the past have been done by linking to a
symbol that wasn't hidden but should've... in other words the attackers
bypassed the method/function with the argument validity checks.

Note that this visibility problem
a) was due to my own stupidity not having rebased all of my source tree
b) is solved now that I did that
c) now exports the symbols as intended, and only those

Which of course doesn't mean that there couldn't be methods that don't
check argument validity properly, as in any library..

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD

Attachment: pgpXfz1pmWqJ7.pgp
Description: PGP signature


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.