[ardour-dev] Possible exploit potential in ardour.

James Courtier-Dutton James at superbug.co.uk
Mon Oct 16 10:05:26 PDT 2006

Paul Davis wrote:
> On Sun, 2006-10-15 at 00:57 +0100, James Courtier-Dutton wrote:
>> Note that the STACK is rwx. I.e. it is possible to execute instructions
>> stored on the stack. Is this really necessary for ardour? Could ardour
>> be modified so that the STACK is rw- and not rwx ?
> in the words of the old tetley tea bag commercial, you hum it son, and
> i'll play it. just tell me how or point me to it a URL that does.
It is caused by:

Please see this url for some reasons why.


I think option (3) is the cause:
3) an object built from assembler source is missing the GNU-stack note;
a very common occurrence especially for code expected to work on many

More information about the Ardour-Dev mailing list