Date: Thu, 13 Feb 1997 15:27:21 +0100 (MET)
From: Roger Espel Llima <espel@llaic.univ-bpclermont.fr>
To: hackers@freefall.freebsd.org
Subject: Re: strlen() question, maybe str*cpy
Message-ID: <199702131427.GAA13345@freefall.freebsd.org>
In-Reply-To: <199702130437.UAA17244@freefall.freebsd.org> from "owner-hackers-digest@freefall.freebsd.org" at Feb 12, 97 08:37:06 pm
Ken Wong <wong@a17b32.rogerswave.ca> wrote:
> On Wed, 12 Feb 1997, J Wunsch wrote:
> > Why? The worst that would happen by touching off the end of your
> > address space is a SIGSEGV. The problem with str*cpy() touching
> > beyond the bounds of their arrays is that they can _modify_ the stack
> > then, but that can't happen with strlen() since it doesn't modify
> > anything.

Agreement.

> why doesn't the str*cpy check the BP (base pointer?) register
> and use it to guard against stack overwrite?

Because it's not its job. str*cpy() assumes that the string fits in the buffer where it is being copied, and is defined to just copy it.

This kind of check belongs in a special debugging version of libc, if anywhere at all. Production code shouldn't be slowed down by more run-time checks than the language requires.

The right solution is to secure sensitive programs (either setuid, or run by root/bin/whatever with untrusted arguments or data) at the source level.

Roger

--
e-mail: roger.espel.llima@ens.fr
WWW page & PGP key: http://www.eleves.ens.fr:8080/home/espel/index.html
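The contrast the reply draws, strlen() only reading while str*cpy() writes whatever it is handed, and the "fix it at the source level" advice, as an added example that is not part of the original message or of FreeBSD's libc. The function names, the 32-byte NAME_MAX buffer and the "untrusted" inputs are all constructed for this example:

```c
/* Added example (not from the original thread): the str*cpy() contract the
 * reply describes, next to a source-level check of the kind it recommends.
 * set_name_unchecked, set_name_checked, accept_name and NAME_MAX are
 * assumptions made up for this example; the inputs below are constructed. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 32

/* Vulnerable form: strcpy() assumes src fits in dst and just copies.
 * Given a longer src it writes past the array; on a stack buffer that
 * can modify saved registers and the return address. It is kept here as
 * the "before" and must only be called with src shorter than NAME_MAX. */
static void set_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Source-level fix: measure first with strlen(), which only reads, and
 * refuse the copy (rather than truncating silently) when it would not fit.
 * Returns 0 on success, -1 when the argument was rejected; dst is always
 * NUL-terminated on return. */
static int set_name_checked(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dstsize == 0)
        return -1;
    n = strlen(src);                 /* reads src, modifies nothing */
    if (n >= dstsize) {              /* need room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);         /* bounded copy, NUL included */
    return 0;
}

/* A fixed-size stack buffer fed from an untrusted argument, as a setuid
 * program handling argv[1] might have. Returns the checked result. */
static int accept_name(const char *arg)
{
    char name[NAME_MAX];
    return set_name_checked(name, sizeof name, arg);
}

int main(int argc, char **argv)
{
    /* Constructed "untrusted" inputs standing in for argv[1]. */
    const char *ok = "wong";
    char long_arg[NAME_MAX * 4];
    char name[NAME_MAX];
    (void)argc; (void)argv;

    memset(long_arg, 'A', sizeof long_arg - 1);
    long_arg[sizeof long_arg - 1] = '\0';

    set_name_unchecked(name, ok);               /* fine: it fits */
    printf("unchecked short: %s\n", name);
    /* set_name_unchecked(name, long_arg) would overflow name[]. */

    printf("checked short: %d\n", accept_name(ok));        /* 0 */
    printf("checked long:  %d\n", accept_name(long_arg));  /* -1 */
    return 0;
}
```

The check is deliberately strlen()-then-copy rather than strncpy(): strncpy() does not NUL-terminate when the source is at least as long as the buffer, so it trades a write overflow for a read overflow later. Rejecting an oversized argument outright, as here, is the behaviour a setuid program usually wants.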