16 Feb
2020
16 Feb
'20
6:02 a.m.
Hi,
Sorry for the formatting problem, I'm having trouble sending each open
source project the patch in their own format, and I probably mixed up
something.
The patch is now attached to this email.
In addition, I also attached the White Paper that describes this new
security mitigation.
Just as a side note: the patch is signed by eyalit(a)checkpoint.com but
I'm sending this from eyal.itkin(a)gmail.com due to mail issues with my
work e-mail (which is connected to my GitHub account).
Thanks again for your cooperation,
Eyal.
On Fri, Feb 14, 2020 at 11:40 AM Waldemar Brodkorb <wbx(a)uclibc-ng.org> wrote:
Hi,
Eyal Itkin wrote,
Safe-Linking is a security mechanism that
protects single-linked
lists (such as the fastbins) from being tampered by attackers. The
mechanism makes use of randomness from ASLR (mmap_base), and when
combined with chunk alignment integrity checks, it protects the
pointers from being hijacked by an attacker.
The patch does not apply with git am ontop of uClibc-ng master.
What mail client do you use and could you try to use git
format-patch -s origin and send an e-Mail with the patch as
attachment so it does not get corrupted somehow.
best regards
Waldemar