I think this is overkill and will probably cause your applications to
run much slower than they already do. I don't see why one couldn't
simply put the variable information *after* the rest of the stack
information, instead of before, and have the kernel zero out the next
stack frame before it gets written to (although this may cause some
performance problems in itself). This would prevent a buffer overflow
from A) overwriting SS:ESP and B) overflowing code onto the next
stackframe.

[ reply ]