|
|
BugTraq
Buffer overflow prevention Aug 13 2003 10:28AM Eygene A. Ryabinkin (rea rea mbslab kiae ru) (7 replies) Re: Buffer overflow prevention Aug 13 2003 07:28PM Michal Zalewski (lcamtuf coredump cx) (1 replies) Re: Buffer overflow prevention Aug 13 2003 07:13PM Nicholas Weaver (nweaver CS berkeley edu) (1 replies) Re: Buffer overflow prevention Aug 13 2003 06:26PM Jonathan A. Zdziarski (jonathan networkdweebs com) (1 replies) Re: Buffer overflow prevention Aug 13 2003 06:20PM Patrick Dolan (dolan cc admin unt edu) (2 replies) |
|
Privacy Statement |
<snip>
> This only stops attacks which overwrite the return address pointers on
> the stack, it doesn't stop heap overflows or other control-flow
> attacks.
ACK. Often there are function pointers stored on the heap - so this
does not really help much.
It would be better to invest more time in fail-checking code, i.e.
in C: macros for memory operations which do range checks:
>>>>
static inline _sec_strcpy(char* dest, const char* src, int max)
{
int i;
if ((!dest)||(max<1)) return -1;
if ((max==0)||(!src)) return -1;
{
dest[0] = 0;
return 0;
}
i = strncpy(dest,src,max);
dest[max] = 0;
return i;
}
#define STRCPY_BUF(buffer,src) _sec_strcpy(&buffer, src, sizeof(buffer));
<<<<
Some languages offer runtime range checking, which should bring much security,
but often is really slow :(
<snip>
> [1] If microsoft doesn't have this flag turn on on their own products,
> this would be a lawsuit waiting to happen.
why (in detail) should they be attackable ? did they give any warranty ?
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux ITS
Webhosting ab 5 EUR/Monat. UUCP, rawIP und vieles mehr.
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact (at) metux (dot) de [email concealed]
cellphone: +49 174 7066481
---------------------------------------------------------------------
Diese Mail wurde mit UUCP versandt. http://www.metux.de/uucp/
[ reply ]