From owner-freebsd-hackers Thu Feb 13 06:27:44 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA13354 for hackers-outgoing; Thu, 13 Feb 1997 06:27:44 -0800 (PST)
Received: from llaic.univ-bpclermont.fr (llaic.univ-bpclermont.fr [192.54.142.163]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id GAA13345 for ; Thu, 13 Feb 1997 06:27:39 -0800 (PST)
Message-Id: <199702131427.GAA13345@freefall.freebsd.org>
Received: by llaic.univ-bpclermont.fr (1.38.193.4/16.2) id AA04723; Thu, 13 Feb 1997 15:27:21 +0100
From: Roger Espel Llima
Subject: Re: strlen() question, maybe str*cpy
To: hackers@freefall.freebsd.org
Date: Thu, 13 Feb 1997 15:27:21 +0100 (MET)
In-Reply-To: <199702130437.UAA17244@freefall.freebsd.org> from "owner-hackers-digest@freefall.freebsd.org" at Feb 12, 97 08:37:06 pm
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Ken Wong wrote:
> On Wed, 12 Feb 1997, J Wunsch wrote:
> > Why? The worst that would happen by touching off the end of your
> > address space is a SIGSEGV. The problem with str*cpy() touching
> > beyond the bounds of their arrays is that they can _modify_ the stack
> > then, but that can't happen with strlen() since it doesn't modify
> > anything.

Agreement.

> why isn't the str*cpy check the BP (base pointer?) register
> and use it to guard against stack overwrite?

Because it's not its job. str*cpy() assumes that the string fits in the buffer where it is being copied, and is defined to just copy it. This kind of check belongs in a special debugging version of libc, if anywhere at all. Production code shouldn't be slowed down by more run-time checks than the language requires.

The right solution is to secure sensitive programs (either setuid, or run by root/bin/whatever with untrusted arguments or data) at the source level.

	Roger
--
e-mail: roger.espel.llima@ens.fr
WWW page & PGP key: http://www.eleves.ens.fr:8080/home/espel/index.html
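
A source-level check of the kind the reply argues for, as an added example that is not part of the original message: the caller bounds both the scan for the terminator and the write before any bytes are copied, instead of expecting str*cpy() to do it. The name checked_copy, its status codes and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this added example. */
enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/*
 * Copy the NUL-terminated string at src into dst[dstsz].
 * src_max is the number of bytes of src that may be examined, so an
 * unterminated input is never scanned past its known extent.
 * On failure dst holds an empty string; nothing is silently truncated.
 */
enum copy_status checked_copy(char *dst, size_t dstsz,
                              const char *src, size_t src_max)
{
    const char *nul;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0';
    if (src == NULL)
        return COPY_BAD_ARG;

    /* Bounded read: look for the terminator within src_max bytes only. */
    nul = memchr(src, '\0', src_max);
    if (nul == NULL)
        return COPY_TOO_LONG;
    len = (size_t)(nul - src);

    /* Bounded write: len characters plus the terminator must fit. */
    if (len >= dstsz)
        return COPY_TOO_LONG;
    memcpy(dst, src, len + 1);
    return COPY_OK;
}

int main(void)
{
    /* Constructed inputs standing in for untrusted arguments. */
    const char *args[] = { "root", "1234567", "administrator" };
    char name[8];
    size_t i;

    for (i = 0; i < sizeof args / sizeof args[0]; i++) {
        int rc = checked_copy(name, sizeof name, args[i], strlen(args[i]) + 1);
        printf("%-14s rc=%d copied=\"%s\"\n", args[i], rc, name);
    }
    return 0;
}
```

The over-long and unterminated inputs are rejected outright rather than truncated, so the caller has to decide how to handle the failure.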