Re: Stack growth direction to thwart buffer overflow attacks

From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 08/16/03


Date: 16 Aug 2003 07:24:23 GMT

In article <pMb%a.136$mD.25@news.level3.com>,
Barry Margolin <barry.margolin@level3.com> wrote:
>>>
>>>But the choice is between "doing something and possibly getting it wrong"
>>>and "doing nothing which is almost always wrong". Right now we've got lots
>>>of the latter.
>>
>>No, it isn't. There is also the choice "doing something and making
>>the situation worse".
>
>It's already pretty bad, I don't think it could really get much worse;
>there are unchecked buffers all over the place, just waiting for crackers
>to discover them. I guess we'll just have to agree to disagree on whether
>the particular techniques we've been discussing would result in an
>improvement.

The aspect of getting it wrong that I would expect and have seen is
that it makes it harder for a real expert to tell if the program has
been coded competently and, in particular, to spot if the error
detection is likely to be of any use.

In the case of such parameters in the more complex or uncheckable
functions (sprintf, gets etc.), I agree with you. My point is that
saying that this helps with functions as simple and checkable as
strcpy is, at best, not supported by any evidence.

Stick to sprintf and gets as examples - they are ones where the
argument in favour of a length parameter is solid!

Regards,
Nick Maclaren.
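
The distinction drawn in the post above, as an added C example that is not part of the original message: for strcpy the bound is a single comparison the caller can make before the call, while for sprintf and gets the length is only known to the formatter or to whoever supplies the input, so the bound has to be passed in. The function names (copy_checked, format_checked, read_line_checked) are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* strcpy: the whole precondition is one comparison that the caller can
   make, and a reviewer can see, at the call site. Returns 0 if copied. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (strlen(src) >= dstsz)
        return -1;                  /* would not fit; dst untouched */
    strcpy(dst, src);
    return 0;
}

/* sprintf: the output length depends on the format and on every argument,
   so the bound is handed to the formatter itself (snprintf).
   Returns 0 if the whole result fit, -1 on truncation or error. */
int format_checked(char *dst, size_t dstsz, const char *name, long value)
{
    int n = snprintf(dst, dstsz, "%s=%ld", name, value);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* gets: the length is set by whoever supplies the input, so no check
   before the call is possible; fgets takes the bound instead.
   Returns 0 for a complete line (newline stripped), -1 on EOF, error,
   or a line that did not fit (the rest stays unread in the stream). */
int read_line_checked(char *dst, size_t dstsz, FILE *in)
{
    size_t len;

    if (dstsz < 2 || dstsz > INT_MAX || fgets(dst, (int)dstsz, in) == NULL)
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    return feof(in) ? 0 : -1;       /* unterminated last line is accepted */
}
```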