Date: Mon, 17 Feb 1997 16:37:50 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: cmott@srv.net (Charles Mott) Cc: msmith@atrad.adelaide.edu.au, freebsd-chat@FreeBSD.ORG Subject: Re: Countering stack overflow Message-ID: <199702170607.QAA08532@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.BSF.3.91.970216224824.1692C-100000@darkstar> from Charles Mott at "Feb 16, 97 10:58:32 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Charles Mott stands accused of saying: > > The only mechanism I have seen for an intruder to gain control of the > executable stream is to rewrite a return address on the stack. I don't > see how an overflow of a malloc()'ed buffer can allow someone to gain > control of your machine. Think "change the behaviour of a function by altering its local variables". As I stated, this is dependant entirely on the nature of the application in question, and is thus a restatement of the halting problem. No practical guard against this is possible outside of the specific domain of each application. > They may crash it or corrupt operation, but not > gain control. Crashing seems to me a much less serious problem. Also it > is possible to keep network connection logs to see where intruders came > from before the machine died. There was a very clear and succint description of the basic procedure for an attack overwriting local variables posted a week or so ago. > Charles Mott -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702170607.QAA08532>