[FFmpeg-soc] [soc]: r532 - matroska/matroskaenc.c
Michael Niedermayer
michaelni at gmx.at
Sun Jul 29 02:43:50 CEST 2007
Hi
On Sun, Jul 29, 2007 at 02:07:46AM +0200, Luca Barbato wrote:
> Michael Niedermayer wrote:
> > most stupid idea of all
> > the struct contains pointers, so you now leak very useful information for
> > an exploit
>
> a _SUM_ of pointers isn't a useful information.
your comments are not useful ...
just try
#include <stdio.h>
#include <stdlib.h>

int main(void){
    int i;
    for(i=0; i<10; i++){
        void *p= malloc(100*i*i+1);   /* a different size per iteration */
        printf("%p\n", p);            /* print the address malloc returned */
    }
    return 0;
}
2 runs will give you the exact same list of pointers in a normal
gnu/ulrich drepper libc based system
if you now use exec shield or grsec or similar you should see the
VERY same pointers just with a constant added to them, that is the
same constant to all, the constant would just differ from process to
process
you can now combine these pointers in any way you want, you don't gain
anything by this the result still leaks the constant in a way which an
11-year-old could recover
> more if it is used with
> the current time as a seed for a random number generator....
well an attacker trying to exploit ffmpeg running on a remote
server (maybe one of these "encode random video to flv" services)
knows the time when he does the attack so its addition has zero effect
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato
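An added example illustrating the argument in the mail above (not code from the thread or from FFmpeg): the allocations are modelled as a constructed, fixed list of offsets plus one per-process constant, and the function recover_base shows that the pointer sum, even with a known timestamp added, gives that constant straight back.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the allocator behaviour described in the mail:
 * every run hands out the same sequence of offsets, and a randomising
 * kernel/libc only adds one per-process constant to all of them. */
#define NPTR 10

/* Constructed offsets of the ten allocations (identical in every run). */
static const uint64_t known_offsets[NPTR] = {
    0x2010, 0x2090, 0x2230, 0x2520, 0x2a10,
    0x3110, 0x3a10, 0x4510, 0x5210, 0x6110
};

/* What one process actually sees: the fixed offsets shifted by its constant. */
void fill_pointers(uint64_t base, uint64_t out[NPTR]) {
    for (int i = 0; i < NPTR; i++)
        out[i] = base + known_offsets[i];
}

/* The proposed "seed": the sum of the pointers stored in the struct. */
uint64_t pointer_sum(const uint64_t p[NPTR]) {
    uint64_t s = 0;
    for (int i = 0; i < NPTR; i++) s += p[i];
    return s;
}

/* Anyone running the same libc knows the fixed offsets, and anyone who
 * knows when the request was made knows the timestamp, so both are
 * subtracted and the per-process constant falls out by division. */
uint64_t recover_base(uint64_t seed, uint64_t known_addend) {
    uint64_t fixed = 0;
    for (int i = 0; i < NPTR; i++) fixed += known_offsets[i];
    return (seed - known_addend - fixed) / NPTR;
}

/* Full round trip for a constructed base and a known extra term (e.g. time). */
uint64_t demo_leak(uint64_t base, uint64_t known_addend) {
    uint64_t p[NPTR];
    fill_pointers(base, p);
    return recover_base(pointer_sum(p) + known_addend, known_addend);
}

int main(void) {
    uint64_t base = 0x7f3a00000000ull;  /* constructed per-process constant */
    uint64_t now  = 1185669600ull;      /* constructed "current time" seed */
    printf("recovered base: %#llx\n", (unsigned long long)demo_leak(base, now));
    return 0;
}
```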