Date: Sun, 16 Feb 1997 22:58:32 -0700 (MST)
From: Charles Mott <cmott@srv.net>
To: Michael Smith <msmith@atrad.adelaide.edu.au>
Cc: msmith@atrad.adelaide.edu.au, freebsd-chat@FreeBSD.ORG
Subject: Re: Countering stack overflow
Message-ID: <Pine.BSF.3.91.970216224824.1692C-100000@darkstar>
In-Reply-To: <199702170545.QAA08355@genesis.atrad.adelaide.edu.au>

> > What other security holes exist, other than stack overflow variations,
> > which allow an intruder to take over a machine?
>
> That's a restatement of the halting problem. Various examples of
> common hole-providing behaviour have been discussed on the lists over
> the last few months. Buffer overflow (rather than stack overflow)
> errors comprise a large part of the problem, but there have been
> others (eg. remote login daemons leaking environment variables) which
> only come to light as the result of a comprehensive code review.

The only mechanism I have seen for an intruder to gain control of the
executable stream is to rewrite a return address on the stack. I don't
see how an overflow of a malloc()'ed buffer can allow someone to gain
control of your machine. They may crash it or corrupt operation, but
not gain control.

Crashing seems to me a much less serious problem. Also it is possible to
keep network connection logs to see where intruders came from before the
machine died.

Charles Mott
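
An added illustration, not part of Charles Mott's message or the thread: a heap-allocated object can hold a function pointer next to a buffer, so an unchecked copy into a malloc()'ed buffer can change a code pointer without touching any return address on the stack. The struct session, its fields and the helper names are hypothetical, the oversized input is constructed, and the copy is clamped to the object's own size so the demonstration stays within one allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap object: a data buffer followed by a code pointer. */
struct session {
    char name[16];
    void (*on_close)(void);
};

static void log_close(void) { puts("session closed"); }

/* Unchecked copy: trusts len, as strcpy-style code effectively does.
   Clamped to the object's size so the demo never leaves its allocation. */
static void set_name_unchecked(struct session *s, const void *src, size_t len)
{
    if (len > sizeof *s) len = sizeof *s;
    memcpy((char *)s + offsetof(struct session, name), src, len);
}

/* Checked copy: rejects input that does not fit in name plus terminator. */
static int set_name_checked(struct session *s, const void *src, size_t len)
{
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns 1 if on_close still holds log_close after the copy, 0 if not. */
static int handler_intact_after(int checked)
{
    unsigned char input[sizeof(struct session)];
    void (*expected)(void) = log_close;
    struct session *s = calloc(1, sizeof *s);
    int intact;

    if (!s) return -1;
    memset(input, 0x41, sizeof input);      /* constructed oversized input */
    s->on_close = log_close;
    if (checked) (void)set_name_checked(s, input, sizeof input);
    else set_name_unchecked(s, input, sizeof input);
    /* Compare raw bytes; the pointer itself is never called or dereferenced. */
    intact = memcmp(&s->on_close, &expected, sizeof expected) == 0;
    free(s);
    return intact;
}
```

The length check in set_name_checked is the whole mitigation here: with it the handler survives the oversized input, without it the pointer's bytes are replaced by input data.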