[ardour-dev] Possible exploit potential in ardour.
Taybin Rutkin
taybin at earthlink.net
Tue Oct 17 19:49:23 PDT 2006
On Oct 17, 2006, at 10:05 AM, James Courtier-Dutton wrote:
> Paul Davis wrote:
>> On Sun, 2006-10-15 at 00:57 +0100, James Courtier-Dutton wrote:
>>
>>> Note that the STACK is rwx. I.e. it is possible to execute
>>> instructions
>>> stored on the stack. Is this really necessary for ardour? Could
>>> ardour
>>> be modified so that the STACK is rw- and not rwx ?
>>
>> in the words of the old tetley tea bag commercial, you hum it son,
>> and
>> i'll play it. just tell me how or point me to it a URL that does.
>>
>>
> Please see attached diff file with the fix.
> With the patch, ardour then builds with rw- stack instead of rwx
> stack.
Thanks for the patch. Does a similar issue exist in sse64_functions.s?
Taybin
More information about the Ardour-Dev
mailing list