Hi Marc-André, On Friday, 2011-08-05 10:04:14 +0530, Marc-André Laverdière wrote:
I recall that some exploits in the past have been done by linking to a symbol that wasn't hidden but should've... in other words the attackers bypassed the method/function with the argument validity checks.
Note that this visibility problem a) was due to my own stupidity not having rebased all of my source tree b) is solved now that I did that c) now exports the symbols as intended, and only those Which of course doesn't mean that there couldn't be methods that don't check argument validity properly, as in any library.. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
Attachment:
pgpXfz1pmWqJ7.pgp
Description: PGP signature