[ardour-dev] Possible exploit potential in ardour.
Taybin Rutkin
taybin at earthlink.net
Wed Oct 25 21:32:44 PDT 2006
I've applied this fix. Thanks!
Taybin
On Oct 22, 2006, at 10:09 AM, John Rigg wrote:
> On Tue, Oct 17, 2006 at 10:49:23PM -0400, Taybin Rutkin wrote:
>> On Oct 17, 2006, at 10:05 AM, James Courtier-Dutton wrote:
>>
>>> Paul Davis wrote:
>>>> On Sun, 2006-10-15 at 00:57 +0100, James Courtier-Dutton wrote:
>>>>
>>>>> Note that the STACK is rwx. I.e. it is possible to execute
>>>>> instructions
>>>>> stored on the stack. Is this really necessary for ardour? Could
>>>>> ardour
>>>>> be modified so that the STACK is rw- and not rwx ?
>>>>
>>>> in the words of the old tetley tea bag commercial, you hum it son,
>>>> and
>>>> i'll play it. just tell me how or point me to it a URL that does.
>>>>
>>>>
>>> Please see attached diff file with the fix.
>>> With the patch, ardour then builds with rw- stack instead of rwx
>>> stack.
>>
>> Thanks for the patch. Does a similar issue exist in
>> sse64_functions.s?
>
> Here's the patch for sse_functions_64bit.s (tested on 0.99.3 AMD64,
> stack is now rw-).
>
> John
> ______________________________________________________________________
>
> diff -uprN ardour-0.99.3.orig/libs/ardour/sse_functions_64bit.s
> ardour-0.99.3/libs/ardour/sse_functions_64bit.s
> --- ardour-0.99.3.orig/libs/ardour/sse_functions_64bit.s 2006-02-06
> 20:56:14.000000000 +0000
> +++ ardour-0.99.3/libs/ardour/sse_functions_64bit.s 2006-10-22
> 14:25:06.000000000 +0100
> @@ -603,3 +603,9 @@ x86_sse_compute_peak:
>
> .size x86_sse_compute_peak, .-x86_sse_compute_peak
> #; end proc
> +
> +#ifdef __ELF__
> +.section .note.GNU-stack,"",%progbits
> +#endif
> _______________________________________________
> ardour-dev mailing list
> ardour-dev at lists.ardour.org
> http://lists.ardour.org/listinfo.cgi/ardour-dev-ardour.org
More information about the Ardour-Dev
mailing list