Re: [Lit.] Buffer overruns

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 01/24/05


Date: Mon, 24 Jan 2005 15:06:33 -0700

daw@taverner.cs.berkeley.edu (David Wagner) writes:
> Right. It's a shame that the entire standard C library is implemented
> in an unreasonable way (it does exactly the wrong thing, by the above
> criterion). That may have something to do with why so many C programs
> have buffer overruns.

linux magazine, feb. 2005, pg. 38, The Oldest Trick in the Book,
Understanding the buffer overflow exploit

... from above

According to NIST in the past 4 years, 871 buffer overflow
vulnerabilities were exploited, comprising about 20 percent
of all exploits

... snip

which is about the same percentage that I calculated from
the CVE database.

Article mentions that the exploit first gained widespread notoriety in
1988 with the Morris worm.

for some topic drift about bitnet email worm that predates the
internet worm by about a year:
http://www.garlic.com/~lynn/2004p.html#13
http://www.garlic.com/~lynn/2004p.html#16
http://www.garlic.com/~lynn/2004p.html#17
http://www.garlic.com/~lynn/2004p.html#21

note that the original mainframe TCP/IP stack had been implemented in
pascal/vs. It had some issues .... getting about 44kbytes/sec thruput
using 100 percent of a 3090 processor. I enhanced the stack with
RFC1044 support ... and in testing at cray research between cray and
4341-clone ... it was getting 1mbyte/sec using only a modest amount of
the 4341-clone processor. recent posting on the subject
http://www.garlic.com/~lynn/2005.html#51

as an aside, I'm not aware of any buffer overflow exploits in this
implementation.

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

