
Re: false assumption or security flaw? (fwd)



On Thu, 24 Aug 2000, johan '97 wrote:

> so, in other words
> the function malloc gets its memory from memory already allocated (by the
> kernel to the process) and hands it to the program to be used.
> once this chunk of memory is freed by the program, it is (probably?) still
> a part of the memory that is allocated to the process by the kernel.
> The kernel 'knows' that this chunk is still in use by the process,
> but the program 'thinks' differently. Hence, the probability of chaos
> happening is limited only to the process and not the kernel.
> 
> in a nutshell, it's more the compiler's inability to detect this sort
> of situation than a flaw in the kernel security.
> 
> is this correct?

Right. On Linux, the userland process resizes its data segment with the
brk() system call. The kernel knows this memory belongs to the process. It
can then later reduce the size of its data segment thus giving some memory
back for other processes to use. It's not a kernel flaw or a compiler flaw
really, just a weakness of C. Pointers allow you to do some great things,
but if you use them incorrectly you're bound to break something. 

Ugh. I think I've contributed enough to this thread.

Tim

--
Tim Robbins
fyre@box3n.gumbynet.org

..  Now KEN and BARBIE are PERMANENTLY ADDICTED to MIND-ALTERING DRUGS..
                            - Zippy the pinhead



Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/
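The point Tim makes about brk() can be watched directly. The program below is an added example, not code from the thread or from any of its participants: it records the program break (sbrk(0)) before a small malloc(), after it, and again after free(), and reports whether the freed chunk still sits below the break, i.e. inside the data segment the kernel still attributes to the process. It assumes Linux with glibc malloc, where small requests are served from the brk heap; an allocator that hands out small chunks from mmap() regions would not show the same picture. The freed pointer is only compared, never dereferenced.

```c
/* Added example (not from the thread): watch the program break around
 * malloc()/free() to see that freed memory stays mapped to the process.
 * Assumes Linux + glibc malloc, where small allocations come from the brk
 * heap; allocators that mmap() small chunks would behave differently. */
#define _DEFAULT_SOURCE   /* for sbrk() under strict -std= settings */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct brk_trace {
    char *before;        /* program break before the allocation */
    char *after_malloc;  /* program break after malloc() */
    char *after_free;    /* program break after free() */
    char *chunk;         /* address malloc() returned (freed; never dereferenced) */
};

/* Allocate a small block, free it, and record the program break at each step. */
struct brk_trace trace_small_alloc(size_t n)
{
    struct brk_trace t;
    t.before = sbrk(0);
    char *p = malloc(n);
    if (p == NULL) {
        perror("malloc");
        exit(1);
    }
    t.chunk = p;
    t.after_malloc = sbrk(0);
    free(p);                /* the program now considers this memory gone ... */
    t.after_free = sbrk(0); /* ... but the break has not moved: the kernel still maps it */
    return t;
}

/* 1 if the (freed) chunk still lies below the program break, i.e. inside the
 * data segment the kernel still attributes to this process. */
int chunk_still_in_data_segment(const struct brk_trace *t)
{
    return t->chunk < t->after_free;
}

/* 1 if free() left the data segment at the same size, i.e. nothing went back
 * to the kernel. glibc only lowers the break when a large free region sits at
 * the top of the heap, which freeing one 64-byte chunk never causes. */
int free_kept_segment_size(const struct brk_trace *t)
{
    return t->after_free == t->after_malloc;
}

int main(void)
{
    struct brk_trace t = trace_small_alloc(64);
    printf("break before malloc : %p\n", (void *)t.before);
    printf("chunk from malloc   : %p\n", (void *)t.chunk);
    printf("break after malloc  : %p\n", (void *)t.after_malloc);
    printf("break after free    : %p\n", (void *)t.after_free);
    printf("freed chunk still inside data segment: %s\n",
           chunk_still_in_data_segment(&t) ? "yes" : "no");
    printf("free() gave memory back to the kernel: %s\n",
           free_kept_segment_size(&t) ? "no" : "yes");
    return 0;
}
```

Run it once and the two breaks after malloc() and free() come out identical: the allocator keeps the chunk on its free list inside the process's own data segment, which is exactly why a dangling pointer into it keeps "working" from the kernel's point of view and only the program's bookkeeping is wrong. Compare with malloc() of several hundred kilobytes, which glibc serves from a separate mmap() region and unmaps on free(), to see the other case.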