[ardour-dev] Possible exploit potential in ardour.

James Courtier-Dutton James at superbug.co.uk
Tue Oct 17 07:05:54 PDT 2006


Paul Davis wrote:
> On Sun, 2006-10-15 at 00:57 +0100, James Courtier-Dutton wrote:
> 
>> Note that the STACK is rwx. I.e. it is possible to execute instructions
>> stored on the stack. Is this really necessary for ardour? Could ardour
>> be modified so that the STACK is rw- and not rwx ?
> 
> in the words of the old tetley tea bag commercial, you hum it son, and
> i'll play it. just tell me how or point me to it a URL that does.
> 
> 
Please see attached diff file with the fix.
With the patch, ardour then builds with rw- stack instead of rwx stack.

James
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ardour.rwx-stack.fix.diff
URL: <http://lists.ardour.org/pipermail/ardour-dev-ardour.org/attachments/20061017/87c949be/attachment.txt>


More information about the Ardour-Dev mailing list