Re: Stack growth direction to thwart buffer overflow attacks

From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 08/15/03 

Date: 15 Aug 2003 08:02:18 GMT

In article <tzV_a.99302$3o3.6893483@bgtnsc05-news.ops.worldnet.att.net>,
"Hank Oredson" <horedson@att.net> writes:
|>
|> > (which includes Philip Hazel and me) have little difficulty in
|> > using strcpy safely. Claiming that it is IN ITSELF a security flaw
|> > that is cured by changing to strncpy is pure dogma. Bull***, if
|> > you prefer.
|>
|> Agree totally Nick.
|>
|> Just occured to me that if you did NOT have a stack, then you
|> would never have a problem with stack overflow (underflow) attacks.
|> Note the lack of smiley ...

You aren't a veteran of the Fortran versus Algol 60 wars, are you?
I remember that one ....

It is a good point, in that a common problem of using a stack is
forgetting to check for stack overflow. But, equally, a common
problem of static allocation is forgetting that and recursing.
TANSTAAFL.

|> I've written a lot of code in assembler and in C and in many other
|> languages for many different hardware platforms running many
|> different OS. If you don't check *x* then *x* can be the target
|> of some kind of attack or another. So you check *x* .. it's that simple.

Precisely.

Regards,
Nick Maclaren.

Quantcast