From owner-freebsd-chat Thu Feb 13 23:32:51 1997
Date: Fri, 14 Feb 1997 07:32:14 +0000
From: Robin Melville
To: Stephen McKay, Charles Mott
Cc: freebsd-chat@freebsd.org, syssgm@devetir.qld.gov.au
Subject: Re: Trying to understand stack overflow
In-Reply-To: <199702140448.OAA27909@ogre.devetir.qld.gov.au>

At 2:48 pm +1000 14/2/97, Stephen McKay wrote:

> [lots of useful background snipped...]
>
>If you carefully manipulate the return address you can run code from the
>same array you overflowed.

In other words, executing code within the stack frame. Can't the 386 MMU
restrict execution to the Text page? That would solve the whole thing.

>The real problem here is lack of bounds checking on memory objects. I
>remember Dennis Ritchie (hmm, or was it Ken T?) claim that he had modified
>his system C compiler so that every C pointer implied length as well as
>starting location. Thus, every pointer and array access could be checked
>for illegitimate accesses. The penalty is doubling the size of every pointer
>plus a run time checking cost. Given the dramas people are having with
>security nowadays, and the plummeting cost of RAM and CPU power, I think
>such an option should be added to GCC with all speed.

This would also add enormously to the stability of C applications.
Memory leakage is the bugbear of everything written in C. I second the
proposition wholeheartedly!

Rob.
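The "pointer plus length" idea discussed above, sketched in plain C as an added example (not code from the thread or from any compiler): a hypothetical `fat_ptr` type carries the base address and the number of bytes it may address, and every store or copy is checked against that length, so an over-long write into a stack array is refused instead of overwriting what follows the array.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fat pointer: base address plus legal length in bytes.
 * The names fat_ptr, fat_from, fat_store, fat_strcpy are this example's own. */
typedef struct {
    char  *base;
    size_t len;
} fat_ptr;

/* Wrap an existing array of known size. */
static fat_ptr fat_from(char *buf, size_t len) {
    fat_ptr p = { buf, len };
    return p;
}

/* Checked store: 0 on success, -1 if idx lies outside the object.
 * The unchecked form, buf[idx] = c, would silently write past the array. */
static int fat_store(fat_ptr p, size_t idx, char c) {
    if (idx >= p.len)
        return -1;
    p.base[idx] = c;
    return 0;
}

/* Checked string copy (terminator included). Returns bytes copied,
 * or -1 with the destination untouched when the source does not fit. */
static long fat_strcpy(fat_ptr dst, const char *src) {
    size_t n = strlen(src) + 1;  /* count the NUL */
    if (n > dst.len)
        return -1;
    memcpy(dst.base, src, n);
    return (long)n;
}

/* Exercise the checks on an 8-byte stack array; returns the number of
 * accesses that were rejected (2: the long copy and the index past the end). */
int fat_demo(void) {
    char stackbuf[8];
    fat_ptr p = fat_from(stackbuf, sizeof stackbuf);
    int rejected = 0;
    if (fat_strcpy(p, "short") < 0) rejected++;                /* fits */
    if (fat_strcpy(p, "this is far too long") < 0) rejected++; /* refused */
    if (fat_store(p, 7, 'x') < 0) rejected++;                  /* last byte */
    if (fat_store(p, 8, 'x') < 0) rejected++;                  /* one past end */
    return rejected;
}

int main(void) { printf("rejected accesses: %d\n", fat_demo()); return 0; }
```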