[fpc-pascal] Re: Get all caller adresses of a given function/procedure before executing

Reinier Olislagers reinierolislagers at gmail.com
Thu Aug 16 11:03:34 CEST 2012


On 16-8-2012 10:57, Rainer Stratmann wrote:
> On Thursday 16 August 2012 10:16:04, Lukasz Sokol wrote:
>> On 15/08/2012 16:05, Rainer Stratmann wrote:
>>> On Wednesday 15 August 2012 16:45:03, Lukasz Sokol wrote:
>>>>> If the maintainers decide to build in the suggested function above then
>>>>> everything is solved. By now no one of the maintainers wants this.
>>>>
>>>> I can understand why, more or less - this could be a security flaw if
>>>> you can find the final procedure call address like that [and then
>>>> inject/patch it from outside, while the program is running - see what I
>>>> mean?]
>>>
>>> Please explain.
>>> I do not change the code. I am only searching some pointers.
>>
>> Well, yeah, _you_ don't. What if somebody else could create a program that
>> extracts private (unexported) function pointers from executables and be
>> able to redirect entire code paths. Oh wait. This is called executable
>> infection and a great deal of people actually _do_ that.
> 
> I don't understand what you want to say here.
> Am I responsible for things other people may do?
Yes. Because your proposed changes open up avoidable security holes in
the compiler, you are.
(If I were you my counterargument would rather be that "obviously this
functionality would be driven by a compiler switch that is off by
default"...)

>> So you think maintaining your own disassembler is easier, more stable and
>> less maintenance than scanning the source?
> 
> Yes, of course.
> It runs automatically; no additional step is needed.
ROFLMAO after reading this thread, especially Mark ML's post.



