Re: De Raadt + FBSD + OpenSSH + hole?
On Sun, Apr 20, 2014 at 2:31 PM, Jamie Landeg-Jones
<jamie@dyslexicfish.net> wrote:
> Once memory has been freed, I thought any attempt by a user process to
> access it would cause a SIGSEV.
>
> I thought the issue was with programs that inadvertantly expose (either
> to read or write) other parts of their active memory.
>
> Of course, if a process rolls it's own in-process implementation
> of malloc/free, then this point is moot, but once you free memory back
> to the system, isn't in no longer accessable anyway?
free() doesn't usually "free memory back to the system." It just puts
it back onto a "free list" managed by libc, entirely within the
process's address space.
"Use after free" is actually a rather common type of bug -- do a web
search on that term to see just how often it comes up.
-nd.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 12 之 29 篇):