Date:      Sun, 16 Feb 1997 22:58:32 -0700 (MST)
From:      Charles Mott <cmott@srv.net>
To:        Michael Smith <msmith@atrad.adelaide.edu.au>
Cc:        msmith@atrad.adelaide.edu.au, freebsd-chat@FreeBSD.ORG
Subject:   Re: Countering stack overflow
Message-ID:  <Pine.BSF.3.91.970216224824.1692C-100000@darkstar>
In-Reply-To: <199702170545.QAA08355@genesis.atrad.adelaide.edu.au>


> > What other security holes exist, other than stack overflow variations,
> > which allow an intruder to take over a machine? 
> 
> That's a restatement of the halting problem.  Various examples of
> common hole-providing behaviour have been discussed on the lists over
> the last few months.  Buffer overflow (rather than stack overflow)
> errors comprise a large part of the problem, but there have been
> others (eg. remote login daemons leaking environment variables) which
> only come to light as the result of a comprehensive code review.

The only mechanism I have seen for an intruder to gain control of the
executable stream is to rewrite a return address on the stack.  I don't
see how an overflow of a malloc()'ed buffer can allow someone to gain
control of your machine.  They may crash it or corrupt operation, but not
gain control.  Crashing seems to me a much less serious problem.  Also it
is possible to keep network connection logs to see where intruders came
from before the machine died. 

Charles Mott

