From owner-freebsd-chat Mon Feb 17 12:59:34 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA14229 for chat-outgoing; Mon, 17 Feb 1997 12:59:34 -0800 (PST)
Received: from relay.nuxi.com (nuxi.ucdavis.edu [128.120.37.176]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA14224 for ; Mon, 17 Feb 1997 12:59:32 -0800 (PST)
Received: from dragon.nuxi.com (reqd-003.ucdavis.edu [128.120.251.123]) by relay.nuxi.com (8.8.4/8.6.12) with ESMTP id MAA06816; Mon, 17 Feb 1997 12:59:34 -0800 (PST)
Received: (from obrien@localhost) by dragon.nuxi.com (8.8.5/8.7.3) id UAA24359; Mon, 17 Feb 1997 20:59:29 GMT
Message-ID: <19970217125928.YK32485@dragon.nuxi.com>
Date: Mon, 17 Feb 1997 12:59:28 -0800
From: obrien@NUXI.com (David O'Brien)
To: cmott@srv.net (Charles Mott)
Cc: msmith@atrad.adelaide.edu.au (Michael Smith), freebsd-chat@freebsd.org
Subject: Re: Countering stack overflow
References: <19970217122022.XX15588@dragon.nuxi.com>
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
X-Disclaimer: Mutt Bites!
Organization: The NUXI *BSD group
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
In-Reply-To: ; from Charles Mott on Feb 17, 1997 13:28:52 -0700
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Charles Mott writes:
> This is the final post of a long back and forth exchange. I'm sorry my
> terminology is not up to your standards, but I think if you read the
> entire thread, you will see that my understanding is fairly clear. Do
> your homework before making an obnoxious statement.

Aggg. The real vulnerability here is not checking array bounds. Playing
with the position of the stack is simply masking the problem, not fixing
it. If you really want to fix the problem, then let's change the language
we use for development... or use the bounds checking enhanced GCC.
Remember, C is a high-level assembly language, and by that nature means
it allows unchecked references.

> The fact that FreeBSD is so easily exploited by stack overflow
> techniques, when the method has been widely known for probably a decade
> is the real tragedy here.

Not just FreeBSD, but *ALL* commercial Unixes. AND it is also a problem on
other machines.. it just leads to a core dump/crash rather than gained
access. The real tragedy here is we are still using C, on an OS that is
used by some in a security conscious environment.

--
-- David (obrien@NUXI.com -or- obrien@FreeBSD.org)
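
The point made in the message above, that the missing bounds check is the defect regardless of where the stack sits, shown as an added example that is not part of the original message or of FreeBSD's code. The names `store_name_checked`, `fill_record` and `struct record`, and all input strings, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Constructed layout: a fixed buffer followed by a field that an
 * unchecked strcpy(r->name, input) would overwrite on long input. */
struct record { char name[8]; unsigned guard; };

/* Copy src into dst only if it fits, terminator included. Oversized
 * input is rejected (dst left empty) rather than silently truncated. */
enum copy_status store_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    /* Measure src, but never look further than the destination can hold. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {              /* no room left for the terminator */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    for (size_t i = 0; i <= len; i++)   /* includes the '\0' at src[len] */
        dst[i] = src[i];
    return COPY_OK;
}

/* Hypothetical caller: set a known guard value, then attempt the copy. */
enum copy_status fill_record(struct record *r, const char *input)
{
    r->guard = 0xA5A5A5A5u;
    return store_name_checked(r->name, sizeof r->name, input);
}

int main(void)
{
    struct record r;
    const char *inputs[] = { "obrien", "1234567", "12345678-constructed-long-input" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum copy_status st = fill_record(&r, inputs[i]);
        printf("%-32s status=%d guard_intact=%d\n",
               inputs[i], (int)st, r.guard == 0xA5A5A5A5u);
    }
    return 0;
}
```

The check depends only on the destination size passed by the caller, so it holds wherever the buffer is placed in memory.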