Re: Privilege-escalation attacks on NT-based Windows are unfixable
From: Alun Jones (alun@texis.com)Date: 08/26/02
- Next message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Anon E. Maus: "Re: TCHAR and buffer overflows"
- In reply to: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: David Thompson: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: alun@texis.com (Alun Jones) Date: Mon, 26 Aug 2002 01:48:46 GMT
In article <3D67D8A0.7060208@127.0.0.1>, Edward Elliott <nobody@127.0.0.1>
wrote:
>Alun Jones wrote:
>> Are you really telling me that you wouldn't find, in thousands of software
>> houses, code that read "inline void str_no_n_cpy(char *dest, const char *src)
>
>> { while (*src) { *dest++=*src++; } *dest=0; }"?
>
>Yes that's my claim. Why bother writing a non-standard function when
>you can just as easily use strncpy? strncpy(dst, src, dst_len) is best,
>but I bet you'd also see strncpy(dst, src, strlen(dst)) and even
>strncpy(dst, src, strlen(src)). The last two are slower but easier to
>code. The last won't prevent buffer overflows, but if all three forms
>were used with equal frequency, that'd be a 2/3 reduction in buffer
>overflows as a result of strcpy.
The last certainly won't prevent buffer overflows - in fact, it devolves to
the same effect as the code example I posted - and the second-to-last is just
plain wrong.
>> Better still, what about those processors that have an instruction that will
>> do a block copy of this form? I'd be surprised if there are none. Someone's
>> going to realise "hey, I could shave a nanosecond or two here by avoiding
>> strncpy and writing my own version that doesn't require length checking" -
>> several someones.
>
>Sure, some people will. But a lot of people won't.
The sad part is that this hypothetical "lot of people" is essentially going to
consist of the same people that already eschew strcpy in favour of strncpy and
the like.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
-- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
- Next message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Anon E. Maus: "Re: TCHAR and buffer overflows"
- In reply to: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Edward Elliott: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: David Thompson: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
