Re: Stack growth direction to thwart buffer overflow attacks
From: Barry Margolin (barry.margolin_at_level3.com)
Date: 08/15/03
- Next message: Rupert Pigott: "Re: Stack growth direction to thwart buffer overflow attacks"
- Previous message: Gary Hotine: "Re: TKIP or AES?"
- In reply to: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Next in thread: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Reply: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Aug 2003 20:54:45 GMT
In article <bhjdug$eu$1@pegasus.csx.cam.ac.uk>,
Nick Maclaren <nmm1@cus.cam.ac.uk> wrote:
>In article <XY9%a.130$mD.124@news.level3.com>,
>Barry Margolin <barry.margolin@level3.com> wrote:
>>In article <1060970338.228041@saucer.planet.gong>,
>>Rupert Pigott <roo@dark-try-removing-this-boong.demon.co.uk> wrote:
>>>"Barry Margolin" <barry.margolin@level3.com> wrote in message
>>>news:Sx7%a.124$mD.56@news.level3.com...
>>>> In article <bhi3mc$rgd$1@pegasus.csx.cam.ac.uk>,
>>>> Nick Maclaren <nmm1@cus.cam.ac.uk> wrote:
>>>> >Firstly, in the case of functions like strcpy, it is NOT much easier
>>>> >to provide the correct length than to do your own checking.
>>>>
>>>> Could you explain this? How could writing your own checking code be easier
>>>> than just adding one parameter to a function call?
>>>
>>>I don't want to jump in and speak for Nick here. From my OWN point
>>>of view adding a parameter is just Yet-Another-Thing-To-Get-Wrong.
>>
>>But the choice is between "doing something and possibly getting it wrong"
>>and "doing nothing which is almost always wrong". Right now we've got lots
>>of the latter.
>
>No, it isn't. There is also the choice "doing something and making
>the situation worse".
It's already pretty bad, I don't think it could really get much worse;
there are unchecked buffers all over the place, just waiting for crackers
to discover them. I guess we'll just have to agree to disagree on whether
the particular techniques we've been discussing would result in an
improvement.
--
Barry Margolin, barry.margolin@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
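An illustration of the two positions argued in this thread, added here as an example and not code from any of the posters: a copy routine that takes the destination size and reports truncation, next to the standard `strncpy` case where supplying a length still leaves the buffer unterminated. The names `checked_copy` and `strncpy_terminates` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): copy src into dst, which holds
 * dstsize bytes. Always NUL-terminates when dstsize > 0. Returns 0 on
 * success, -1 if src did not fit (dst then holds a truncated prefix). */
int checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;              /* caller must decide what truncation means */
    }
    memcpy(dst, src, n + 1);    /* includes the terminator */
    return 0;
}

/* The "yet another thing to get wrong" case: strncpy takes a length, but
 * when strlen(src) >= n it writes no terminator. Returns 1 if the first n
 * bytes of dst contain a NUL after the call, 0 if not, -1 if n is too big
 * for the 16-byte scratch buffer used here. */
int strncpy_terminates(const char *src, size_t n)
{
    char dst[16];

    if (n > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);   /* make a missing NUL visible */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

int main(void)
{
    char buf[8];

    printf("fits:      %d\n", checked_copy(buf, sizeof buf, "short"));
    printf("truncated: %d (\"%s\")\n",
           checked_copy(buf, sizeof buf, "much too long"), buf);
    printf("strncpy terminated, exact fit: %d\n",
           strncpy_terminates("exactly8", 8));
    return 0;
}
```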