Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 10/08/05


Date: Fri, 07 Oct 2005 16:15:27 -0600

tomstdenis@gmail.com writes:
> Such a language exists?
>
> Tom

note that this periodically gets repeated ... some collected posts
from a year ago ... and prior years
http://www.garlic.com/~lynn/subpubkey.html#overflow

however there are languages and environments where the frequency of
such things happening is drastically smaller (possibly two orders of
magnitude smaller) for this class of mistakes.

i was involved in a tcp/ip stack implementation in the 80s that was
done in pascal ... and was not known to have any of the overflow
vulnerabilities that seem to be so common. in part, because a lot of
the buffer-to-buffer type operations didn't depend on the programmer
having to manage the bounds of the target ... it was built into the
operations. as a result, there were significantly fewer situations
where there was an opportunity for making target-length-related mistakes.

I've also been involved in purely assembler-based implementations
where the underlying environmental bounds semantics existed for all
buffers ... and it was standard programming convention to always
utilize the target bounds/lengths.

In one case, the target bounds/lengths were built into the programming
language ... and in the assembler case, the related environment
(libraries, standard system features, etc) established programming
convention that encouraged the use of bounds paradigm on all
operations. In both situations, while the environment didn't
absolutely prevent bounds violations ... the frequency of bounds
violations were something like two-orders of magnitude less.

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
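Added example, not from the post above and not from the Pascal or assembler stacks it mentions: a small C sketch of the "bounds built into the operation" convention the post describes. The target buffer carries its own capacity and length, so the copy primitive consults the target's bounds itself instead of relying on each call site to get a length argument right. The type and function names (`bbuf`, `bbuf_init`, `bbuf_append`, `bbuf_copy`, the `demo_*` helpers) are hypothetical, and the over-long input is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A buffer that knows its own capacity and fill level. Every operation on
 * it checks against cap, so the programmer never passes a target length
 * by hand. (Hypothetical type for this added example.) */
typedef struct {
    unsigned char *data;
    size_t cap;   /* bytes of storage behind data */
    size_t len;   /* bytes currently in use, always <= cap */
} bbuf;

/* Bind a bbuf to caller-provided storage of `cap` bytes. */
static void bbuf_init(bbuf *b, unsigned char *storage, size_t cap) {
    b->data = storage;
    b->cap = cap;
    b->len = 0;
}

/* Append n bytes to the buffer. Refuses, and leaves the buffer untouched,
 * when the bytes would not fit. The bound lives in the primitive, not in
 * the caller's arithmetic. */
static bool bbuf_append(bbuf *b, const void *src, size_t n) {
    if (n > b->cap - b->len)   /* cannot underflow: len <= cap is an invariant */
        return false;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return true;
}

/* Buffer-to-buffer copy: the destination's capacity is honoured
 * automatically because the copy goes through bbuf_append. */
static bool bbuf_copy(bbuf *dst, const bbuf *src) {
    dst->len = 0;
    return bbuf_append(dst, src->data, src->len);
}

/* Push a constructed 24-byte input at a 16-byte target that is followed by
 * a 4-byte guard pattern. Returns true when the append was refused, the
 * buffer stayed empty and the guard bytes were not written over. */
static bool demo_refuses_overlong_input(void) {
    unsigned char storage[16 + 4];
    memset(storage, 0, sizeof storage);
    memcpy(storage + 16, "GRD!", 4);           /* guard after the buffer */

    bbuf b;
    bbuf_init(&b, storage, 16);

    unsigned char wire[24];                    /* constructed over-long input */
    memset(wire, 'A', sizeof wire);

    bool accepted = bbuf_append(&b, wire, sizeof wire);
    return !accepted && b.len == 0 && memcmp(storage + 16, "GRD!", 4) == 0;
}

/* Fill an 8-byte buffer with 3 + 5 bytes, then try one more. Returns the
 * number of appends that succeeded (the third must be refused). */
static int demo_fill_to_capacity(void) {
    unsigned char storage[8];
    bbuf b;
    bbuf_init(&b, storage, sizeof storage);
    int ok = 0;
    ok += bbuf_append(&b, "abc", 3);
    ok += bbuf_append(&b, "defgh", 5);
    ok += bbuf_append(&b, "x", 1);   /* would be byte 9 of 8: refused */
    return ok;
}

/* Buffer-to-buffer copy into a target that is too small. Returns true when
 * the copy is refused and the destination is left empty. */
static bool demo_copy_respects_target(void) {
    unsigned char s1[4], s2[2];
    bbuf src, dst;
    bbuf_init(&src, s1, sizeof s1);
    bbuf_init(&dst, s2, sizeof s2);
    bbuf_append(&src, "xyz", 3);
    bool copied = bbuf_copy(&dst, &src);
    return !copied && dst.len == 0;
}

int main(void) {
    printf("over-long input refused, guard intact: %s\n",
           demo_refuses_overlong_input() ? "yes" : "no");
    printf("appends accepted before capacity: %d\n", demo_fill_to_capacity());
    printf("copy into smaller target refused: %s\n",
           demo_copy_respects_target() ? "yes" : "no");
    return 0;
}
```

The convention does not make a wrong capacity in `bbuf_init` impossible, which matches the post's point that such environments reduce rather than eliminate bounds mistakes; what changes is that the length check appears once, in the primitive, instead of at every copy site.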