Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique
From: Luc The Perverse (sll_noSpamlicious_z_XXX_m_at_cc.usu.edu)
Date: 10/08/05
- Next message: Milan VXdgsvt: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Previous message: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- In reply to: Douglas A. Gwyn: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Next in thread: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Reply: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 8 Oct 2005 07:23:54 -0600
"Douglas A. Gwyn" <DAGwyn@null.net> wrote in message
news:4346C19C.32BD1D57@null.net...
> tomstdenis@gmail.com wrote:
>> Carlos Moreno wrote:
>> > I mean, would you oppose to hardware-based memory protection?
>> What do you think an MMU is? It certainly isn't software based in the
>> x86 series.
>
> I think he's referring to the reinvention of execute protection,
> which would (if employed) prevent apps from executing code that
> was loaded onto the stack by exploiting a buffer overrun. That
> doesn't make the app correct by any means, but it would reduce
> slightly the severity of that particular vulnerability.
>
> In the grand scheme of things, it seems to me to be of marginal
> utility.
It never made sense to me.
It's like trying to design a system to stabilize a car in case the wheel
falls off.
It would be better to just try to ensure that everyone who is putting the
tires on is properly outfitted with the right tools.
Programmers have consistantly demonstrated that they cannot be trusted with
buffers, so they should all be forced to program in Java.
-- "Wise men talk because they have something to say; fools talk because they have to say something." - Plato
- Next message: Milan VXdgsvt: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Previous message: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- In reply to: Douglas A. Gwyn: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Next in thread: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Reply: tomstdenis_at_gmail.com: "Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
