[fpc-pascal] Re: Get all caller adresses of a given function/procedure before executing
Lukasz Sokol
el.es.cr at gmail.com
Thu Aug 16 10:16:04 CEST 2012
On 15/08/2012 16:05, Rainer Stratmann wrote:
> On Wednesday 15 August 2012 16:45:03, Lukasz Sokol wrote:
>>> If the maintainers decide to build in the suggested function above then
>>> everything is solved. By now no one of the maintainers wants this.
>>
>> I can understand why, more or less - this could be a security flaw if you
>> can find the final procedure call address like that [and then inject/patch
>> it from outside, while the program is running - see what I mean?]
>
> Please explain.
> I do not change the code. I am only searching some pointers.
>
Well, yeah, _you_ don't. What if somebody else could create a program that extracts
private (unexported) function pointers from executables and is able to redirect
entire code paths? Oh wait. This is called executable infection and a great deal of
people actually _do_ that.
>> Sort of the reason why Linux doesn't export System.map any more...
(actually, they don't export the syscalls table as an r/w area, for fear of somebody
patching it with their own entries, they do it as r/o instead).
>> And the sort of reason why (dx)gettext scans the _source_ not the binary.
>
> If the pointers were provided natively then scanning the source (labour
> intensive) is no longer necessary.
So you think maintaining your own disassembler is easier, more stable and
less maintenance than scanning the source?
L.