[ardour-dev] Possible exploit potential in ardour.
James Courtier-Dutton
James at superbug.co.uk
Sat Oct 14 16:57:35 PDT 2006
An objdump -p /usr/bin/ardour gives
ardour: file format elf32-i386
Program Header:
PHDR off 0x00000034 vaddr 0x08048034 paddr 0x08048034 align 2**2
filesz 0x00000120 memsz 0x00000120 flags r-x
INTERP off 0x00000154 vaddr 0x08048154 paddr 0x08048154 align 2**0
filesz 0x00000013 memsz 0x00000013 flags r--
LOAD off 0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
filesz 0x0061d4c1 memsz 0x0061d4c1 flags r-x
LOAD off 0x0061e000 vaddr 0x08666000 paddr 0x08666000 align 2**12
filesz 0x00003fc0 memsz 0x00005e4c flags rw-
DYNAMIC off 0x0061e304 vaddr 0x08666304 paddr 0x08666304 align 2**2
filesz 0x00000198 memsz 0x00000198 flags rw-
NOTE off 0x00000168 vaddr 0x08048168 paddr 0x08048168 align 2**2
filesz 0x00000020 memsz 0x00000020 flags r--
EH_FRAME off 0x00554320 vaddr 0x0859c320 paddr 0x0859c320 align 2**2
filesz 0x00010294 memsz 0x00010294 flags r--
STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
filesz 0x00000000 memsz 0x00000000 flags rwx
PAX_FLAGS off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
filesz 0x00000000 memsz 0x00000000 flags --- 2800
Note that the STACK is rwx. I.e. it is possible to execute instructions
stored on the stack. Is this really necessary for ardour? Could ardour
be modified so that the STACK is rw- and not rwx ?
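As an added illustration (not part of the original post and not Ardour project code), the following C program does the same check that the objdump -p output above shows by hand: it walks the ELF program headers, finds the PT_GNU_STACK entry and reports whether PF_X is set. It also bounds-checks every header access, so a truncated or crafted file cannot make it read outside the buffer. It assumes a glibc-style <elf.h> and little-endian files on a little-endian host; the two-header ELF32 images it builds for self-testing are constructed here and are not runnable binaries.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PT_GNU_STACK
#define PT_GNU_STACK 0x6474e551 /* PT_LOOS + 0x474e551, the value GNU ld emits */
#endif

/* Verdicts returned by elf_stack_status(). */
enum stack_status {
    STACK_MALFORMED    = -2, /* not a little-endian ELF image we can parse */
    STACK_NO_GNU_STACK = -1, /* no PT_GNU_STACK header: the loader's default applies */
    STACK_NX           =  0, /* PT_GNU_STACK present, PF_X clear: stack is rw- */
    STACK_EXEC         =  1  /* PT_GNU_STACK present, PF_X set:   stack is rwx */
};

/* Classify the stack permissions of an in-memory ELF32/ELF64 image, i.e. the
 * "STACK ... flags rwx" line objdump -p prints. Every access is bounds-checked.
 * Assumption: little-endian only, no byte swapping is done. */
int elf_stack_status(const uint8_t *buf, size_t len)
{
    if (len < EI_NIDENT || memcmp(buf, ELFMAG, SELFMAG) != 0) return STACK_MALFORMED;
    if (buf[EI_DATA] != ELFDATA2LSB) return STACK_MALFORMED;

    uint64_t phoff; uint16_t phentsize, phnum; size_t phdr_size;
    int is64 = (buf[EI_CLASS] == ELFCLASS64);
    if (is64) {
        Elf64_Ehdr eh;
        if (len < sizeof eh) return STACK_MALFORMED;
        memcpy(&eh, buf, sizeof eh); /* memcpy avoids unaligned reads */
        phoff = eh.e_phoff; phentsize = eh.e_phentsize; phnum = eh.e_phnum;
        phdr_size = sizeof(Elf64_Phdr);
    } else if (buf[EI_CLASS] == ELFCLASS32) {
        Elf32_Ehdr eh;
        if (len < sizeof eh) return STACK_MALFORMED;
        memcpy(&eh, buf, sizeof eh);
        phoff = eh.e_phoff; phentsize = eh.e_phentsize; phnum = eh.e_phnum;
        phdr_size = sizeof(Elf32_Phdr);
    } else {
        return STACK_MALFORMED;
    }
    if (phentsize < phdr_size) return STACK_MALFORMED;

    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < phentsize) return STACK_MALFORMED; /* truncated/crafted */
        uint32_t p_type, p_flags;
        if (is64) { Elf64_Phdr ph; memcpy(&ph, buf + off, sizeof ph); p_type = ph.p_type; p_flags = ph.p_flags; }
        else      { Elf32_Phdr ph; memcpy(&ph, buf + off, sizeof ph); p_type = ph.p_type; p_flags = ph.p_flags; }
        if (p_type == PT_GNU_STACK) return (p_flags & PF_X) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_GNU_STACK;
}

/* Constructed test data: a minimal ELF32 i386 header, one PT_LOAD and, if
 * requested, one PT_GNU_STACK header. Not a runnable binary. */
#define TEST_IMAGE_MAX (sizeof(Elf32_Ehdr) + 2 * sizeof(Elf32_Phdr))
size_t build_test_image(uint8_t *out, int with_gnu_stack, uint32_t stack_flags)
{
    Elf32_Ehdr eh; Elf32_Phdr ph[2];
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC; eh.e_machine = EM_386; eh.e_version = EV_CURRENT;
    eh.e_entry = 0x08048000; eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf32_Phdr); eh.e_phnum = with_gnu_stack ? 2 : 1;
    ph[0].p_type = PT_LOAD; ph[0].p_flags = PF_R | PF_X;
    ph[0].p_vaddr = ph[0].p_paddr = 0x08048000; ph[0].p_align = 0x1000;
    ph[1].p_type = PT_GNU_STACK; ph[1].p_flags = stack_flags; ph[1].p_align = 4;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, eh.e_phnum * sizeof(Elf32_Phdr));
    return sizeof eh + eh.e_phnum * sizeof(Elf32_Phdr);
}

/* Build a constructed image and classify it. */
int check_test_image(int with_gnu_stack, uint32_t stack_flags)
{
    uint8_t img[TEST_IMAGE_MAX];
    size_t n = build_test_image(img, with_gnu_stack, stack_flags);
    return elf_stack_status(img, n);
}

/* Same image with its last byte cut off: the PT_GNU_STACK header no longer fits. */
int check_truncated_image(void)
{
    uint8_t img[TEST_IMAGE_MAX];
    size_t n = build_test_image(img, 1, PF_R | PF_W | PF_X);
    return elf_stack_status(img, n - 1);
}

/* Stand-alone use: report the stack permissions of the ELF file given on the command line. */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <elf-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 2; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    uint8_t *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { perror("read"); return 2; }
    fclose(f);
    static const char *verdict[] = { "malformed ELF", "no PT_GNU_STACK header",
                                     "STACK rw- (non-executable)", "STACK rwx (executable stack)" };
    int st = elf_stack_status(buf, (size_t)sz);
    printf("%s: %s\n", argv[1], verdict[st + 2]);
    free(buf);
    return st == STACK_EXEC; /* non-zero exit when the stack is executable */
}
```

Run it as ./elfstack /usr/bin/ardour; readelf -lW /usr/bin/ardour | grep GNU_STACK shows the same flags. With GNU ld, a single assembled object that lacks a .note.GNU-stack section is enough to make the linker mark the whole executable's stack rwx, which is the usual reason a C++ program ends up with an executable stack; passing -Wl,-z,noexecstack at link time forces rw-, and that is safe as long as nothing in the program genuinely runs code from the stack (GCC nested-function trampolines are the classic exception).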