Date: Mon, 10 Feb 1997 14:13:23 -0700 From: Warner Losh <imp@village.org> To: tqbf@enteract.com Cc: roberto@keltia.freenix.fr, freebsd-security@freebsd.org Subject: Re: buffer overruns Message-ID: <E0vu32S-0005Rj-00@rover.village.org> In-Reply-To: Your message of "10 Feb 1997 07:49:14 GMT." <19970210074914.22012.qmail@char-star.rdist.org> References: <19970210074914.22012.qmail@char-star.rdist.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19970210074914.22012.qmail@char-star.rdist.org> tqbf@enteract.com writes: : You'll have to make every other region of memory that a calling process : could potentially control non-executable as well. It's a gross assumption : to say that I, being the caller of any given program, only have influence : over the contents of that program's stack. >From years of debugging experience we know that it is possible to overflow veriables in the data segment, trashing out the pointer that follows the buffer. Once you do that, then you may be able to use that pointer to write data anywhere in the program.... Found quite a few bugs in code I've worked on that were like this :-(. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0vu32S-0005Rj-00>