POV-Ray: Newsgroups: povray.general: Is POV vulnerable?: Re: Is POV vulnerable?

POV-Ray : Newsgroups : povray.general : Is POV vulnerable? : Re: Is POV vulnerable?		Server Time 2 Aug 2024 20:19:49 EDT (-0400)

From: Rafal 'Raf256' Maj
Date: 11 Aug 2004 00:16:29
Message: <Xns954240415FCBBraf256com@203.29.75.35>

dne### [at] sanrrcom news:41125547$1@news.povray.org

> That's not the problem. The problem is overwriting a portion of the (for 
> example) povray executable such that it turns into a call to delete 
> files, for example.
> 
> > (imho OS should disallow this)
> 
> The OS shouldn't have to, except that people use programming languages 
> vulnerable to such. ;-)  All those nasty pointers and such.

I think You are a bit wrong, OS should dissalow to change own *executable* 
- to change the code page, it shoukd only allow to change own data page.

Such thingy is implemeneted as PaX in grSecurity for Linux.

When using it correclty any program can not modyfie source either loaded 
into memory or stored on HDD of it self or other programs - so he can not 
instert  stystem("rm -rf /");  call.



-- 
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics

Post a reply to this message