[MPlayer-dev-eng] Re: Fwd: [MPlayer-users] Mplayer exploit?!
gsstark at mit.edu
Tue Jan 14 23:32:57 CET 2003
Arpi <arpi at thot.banki.hu> writes:
> libmpeg2 is safe. it has boundary checks around writes, and has sig11
> trap for illegal reads. but it's the only safe codec, imho.
If sig11 traps are necessary that only shows that there is in fact a problem.
A working exploit won't trigger a seg fault. Sig11 traps only hide the
problem, they don't actually fix it.
You only get a sig11 if you read or write to unallocated memory, security
exploits work by stuffing extra data past the end of valid allocations into
more allocated space. Usually this is in stack allocations to overwrite the
stack frame with the return address.
The only way to make code safe is to actually keep all memory accesses within
the allocated bounds. Unfortunately this will be hard or impossible to
guarantee for the external dlls, especially the win32 dlls.
The only way to guarantee safety for those would be to run the code under an
emulator like valgrind. But that would have prohibitive performance problems.
More information about the MPlayer-dev-eng