Date: Mon, 17 Feb 1997 12:59:28 -0800
From: obrien@NUXI.com (David O'Brien)
To: cmott@srv.net (Charles Mott)
Cc: msmith@atrad.adelaide.edu.au (Michael Smith), freebsd-chat@freebsd.org
Subject: Re: Countering stack overflow
Message-ID: <19970217125928.YK32485@dragon.nuxi.com>
In-Reply-To: <Pine.BSF.3.91.970217132230.2620A-100000@darkstar>; from Charles Mott on Feb 17, 1997 13:28:52 -0700
References: <19970217122022.XX15588@dragon.nuxi.com> <Pine.BSF.3.91.970217132230.2620A-100000@darkstar>

Charles Mott writes:
> This is the final post of a long back and forth exchange. I'm sorry my
> terminology is not up to your standards, but I think if you read the
> entire thread, you will see that my understanding is fairly clear. Do
> your homework before making an obnoxious statement.

Aggg. The real vulnerability here is not checking array bounds. Playing
with the position of the stack is simply masking the problem, not fixing.
If you really want to fix the problem, then let's change the language we
use for development... or use the bounds checking enhanced GCC.

Remember, C is a high-level assembly language, and by that nature means
it allows unchecked references.

> The fact that FreeBSD is so easily exploited by stack overflow
> techniques, when the method has been widely known for probably a decade
> is the real tragedy here.

Not just FreeBSD, but *ALL* commercial Unixes. AND it is also a problem
on other machines.. it just leads to a core dump/crash rather than gained
access.

The real tragedy here is we are still using C, on an OS that is used by
some in a security conscious environment.

--
-- David (obrien@NUXI.com -or- obrien@FreeBSD.org)