emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preview: portable dumper

From: Daniel Colascione
Subject: Re: Preview: portable dumper
Date: Tue, 29 Nov 2016 16:37:45 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) 
On Tue, Nov 29 2016, Paul Eggert wrote:
> On 11/29/2016 01:50 PM, Daniel Colascione wrote:
>> * We do store function pointers in the dump, and an attacker could
>>    theoretically overwrite one of these to point where she wanted --- but
>>    with all PROT_EXEC code in the process being randomized, where would
>>    she point the function pointer that's under her control?
>
> I'm more worried about the next level up. Although the dump is pure
> data to the machine, it's not pure data to Elisp. Since the dump would
> contain bytecodes, if attackers can alter the bytecodes then they can
> execute whatever Elisp code they want.

Good point. How about this? We'll let the PIC-ness of the Emacs
executable (which we know at build time) control whether we try to map
the dump at its preferred load address.  If a user is running non-PIC,
he's already vulnerable.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]