Re: [Lit.] Buffer overruns

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 01/28/05 

Date: Fri, 28 Jan 2005 14:53:23 -0700

"Trevor L. Jackson, III" <tlj3@comcast.net> writes:
> In essence you said that the easy checks were not worth doing
> because by dint of great effort on the part of highly skilled
> practitioners a superior result can be reached.
>
> I suppose that the apocryphal workman who could cut piece of plaster
> to exactly patch a hole (allegory intentional) would feel the same
> way about a cabinetmaker using a measuring tape, who would feel the
> same way about a carpenter marking a 2x4 with a blunt pencil, who
> would feel the same way about a woodcutter marking trees with a can
> of spray paint.
>
> It is basically an arrogant attitude with no possible practical
> meaning.
>
> Note that in theory there is no difference between theory and
> practice, but in practice there is a distinct difference. What you
> are propounding is theory that contravenes all of the best
> practices.

actually feathered wallboard with tape and putty ... which then had to
be sanded, smooth covered up a lot of dings. but then even that became
too expensive for many implementations (tape, putty and sanding on
cielings can be a really hard job) ... and they invented the gumball
(or some call it spitball) ceiling covering ... basically really rough
spay-on that covered up almost anything. way back in another life i
could sink 16penny common with 20oz doing rough framing with a tap &
single pound (light tap was to get it far enuf in so i could get my
fingers out of the way). i never got so i could do 8penny box (lot of
plywood sheeting over studs) with single pound ... holding the nail
until the hammer had contacted the nail head and then getting fingers
out of the way before the hammer had slammed the nail home.

now they have those fancy nail guns.

the buffer problem is currently way past the failure mode associated
with buffer overflows and well into pervasive exploits and attacks
taking advantage of the multitude of buffer overflows (aka not about
buffer programming mistakes but about being able to mount succesful
attacks and exploits because of the prevasiveness of buffere
overflows) ...

feb. 2005 linux magazine bufferr overflow *attacks* ref:
http://www.garlic.com/~lynn/2005b.html#20 [Lit.} buffer overruns

recent books on buffer overflow *attacks* ref:
http://www.garlic.com/~lynn/2005b.html#42 [Lit.} buffer overruns

enhanced hardware and operating system support for buffer overflow
*attacks* countermeasures (not preventing buffer overflows, attempting
to prevent succesful attacks that try and take advantage of buffer
overflows):
http://www.garlic.com/~lynn/2005.html#1 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005.html#32 8086 memory space [was: The Soul of Barb's New Machine]
http://www.garlic.com/~lynn/2005b.html#5 Relocating application architecture and compiler support
http://www.garlic.com/~lynn/2005b.html#25 360POO
http://www.garlic.com/~lynn/2005b.html#34 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#39 [Lit.] Buffer overruns 

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Quantcast