[ardour-dev] Possible exploit potential in ardour.

James Courtier-Dutton James at superbug.co.uk
Sat Oct 14 16:57:35 PDT 2006


An objdump -p /usr/bin/ardour gives
ardour:     file format elf32-i386

Program Header:
    PHDR off    0x00000034 vaddr 0x08048034 paddr 0x08048034 align 2**2
         filesz 0x00000120 memsz 0x00000120 flags r-x
  INTERP off    0x00000154 vaddr 0x08048154 paddr 0x08048154 align 2**0
         filesz 0x00000013 memsz 0x00000013 flags r--
    LOAD off    0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
         filesz 0x0061d4c1 memsz 0x0061d4c1 flags r-x
    LOAD off    0x0061e000 vaddr 0x08666000 paddr 0x08666000 align 2**12
         filesz 0x00003fc0 memsz 0x00005e4c flags rw-
 DYNAMIC off    0x0061e304 vaddr 0x08666304 paddr 0x08666304 align 2**2
         filesz 0x00000198 memsz 0x00000198 flags rw-
    NOTE off    0x00000168 vaddr 0x08048168 paddr 0x08048168 align 2**2
         filesz 0x00000020 memsz 0x00000020 flags r--
EH_FRAME off    0x00554320 vaddr 0x0859c320 paddr 0x0859c320 align 2**2
         filesz 0x00010294 memsz 0x00010294 flags r--
   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
         filesz 0x00000000 memsz 0x00000000 flags rwx
PAX_FLAGS off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
         filesz 0x00000000 memsz 0x00000000 flags --- 2800


Note that the STACK is rwx. I.e. it is possible to execute instructions
stored on the stack. Is this really necessary for ardour? Could ardour
be modified so that the STACK is rw- and not rwx ?
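The check the post performs by eye, as an added Python example (not from the post or from the Ardour project): it parses the PT_GNU_STACK program header that objdump -p labels STACK and reports whether its x bit is set; the minimal ELF32 image it builds for itself is a constructed fixture, not a real binary.

```python
import struct
import sys

# Constants from the ELF specification / <elf.h>
ELF_MAGIC = b"\x7fELF"
PT_GNU_STACK = 0x6474E551  # the program header objdump -p labels "STACK"
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def stack_flags(data: bytes):
    """p_flags of the PT_GNU_STACK header, or None if absent (the loader then assumes exec)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                 # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        # p_flags sits at +4 in Elf64_Phdr but at +24 in Elf32_Phdr
        (p_flags,) = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def flags_str(flags: int) -> str:
    """Render p_flags the way objdump does: 7 -> 'rwx', 6 -> 'rw-'."""
    return "".join(c if flags & b else "-" for c, b in (("r", PF_R), ("w", PF_W), ("x", PF_X)))

def has_exec_stack(data: bytes) -> bool:
    flags = stack_flags(data)
    return flags is None or bool(flags & PF_X)

def build_elf32(flags=None) -> bytes:
    """Constructed fixture: a minimal, non-runnable ELF32 image whose only phdr is PT_GNU_STACK."""
    phnum = 0 if flags is None else 1
    ehdr = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)  # ELF32, little endian, ELF version 1
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 0, 0, 0)
    return ehdr + (struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 4) if phnum else b"")

if __name__ == "__main__":  # usage: python check_stack.py /usr/bin/ardour
    for path in sys.argv[1:]:
        data = open(path, "rb").read()
        f = stack_flags(data)
        print(path, "STACK", "absent" if f is None else flags_str(f), "<- executable stack" if has_exec_stack(data) else "")
```

On a real binary the same answer comes from `readelf -lW /usr/bin/ardour | grep GNU_STACK`; GNU ld marks the stack rwx when any input object lacks a `.note.GNU-stack` section, and linking with `-Wl,-z,noexecstack` forces the rw- result asked for above.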
