Bugtraq mailing list archives
Re: Smashing the stack
From: dholland () EECS HARVARD EDU (David Holland)
Date: Tue, 21 Jan 1997 00:19:35 -0500
> Some architectures grow the stack "upwards" in memory instead of "downwards"; this means that buffer overrun doesn't overwrite existing stack frames at all. Is there a solution for this kind of architecture? For that matter, can anyone offhand name such a machine? I've heard rumours about Crays...
HP PA-RISC stacks grow up.
> A good way to stamp out most of these attacks would be to allocate automatic variables somewhere on the heap or at least somewhere that isn't the stack. This may cause a performance penalty on CPUs that have special optimizations for data at short offsets from a particular "stack" register. This solution may be unreasonable on most real-world systems, but if you're designing a system from the ground up this is something to think of early on if it genuinely makes no difference in terms of performance.
If anyone's designing a new architecture from the ground up they should build it to have multiple stacks, not "the" stack. Then you put your automatic storage on one stack, and your call stack on the other. A third stack would make exception handling much easier, too.

--
 - David A. Holland | VINO project home page:
   dholland () eecs harvard edu | http://www.eecs.harvard.edu/vino
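The split between automatic storage and the call stack discussed in this message, as an added example that is not part of the original post: a small C model comparing one shared stack with two separate ones when a callee copies too much into a local buffer. The layout (buffer at a lower address than the saved return address), the names `simulate_call`, `RET_ADDR`, `FLAG_VAL` and the input bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM      64            /* size of each simulated stack region */
#define BUF_LEN  8             /* the callee's local buffer */
#define RET_ADDR 0x00401000u   /* constructed return address */
#define FLAG_VAL 0x00000001u   /* constructed value of a second local */

struct outcome { uint32_t ret; uint32_t flag; };

/* Model one call whose callee copies n input bytes into an 8-byte local
 * buffer with no length check. split=0: one stack holds locals and the
 * return address; split=1: the return address lives on a second stack. */
static struct outcome simulate_call(int split, const unsigned char *in, size_t n)
{
    unsigned char data[MEM] = {0};   /* automatic storage: buf, then flag */
    unsigned char call[MEM] = {0};   /* call stack, used only when split */
    unsigned char *flag_slot = data + BUF_LEN;
    unsigned char *ret_slot  = split ? call : flag_slot + sizeof(uint32_t);
    uint32_t ret = RET_ADDR, flag = FLAG_VAL;
    struct outcome o;

    memcpy(ret_slot, &ret, sizeof ret);     /* call: save return address */
    memcpy(flag_slot, &flag, sizeof flag);  /* callee initialises its local */
    if (n > MEM) n = MEM;                   /* keep the model itself in bounds */
    memcpy(data, in, n);                    /* the unchecked copy into buf */
    memcpy(&o.ret, ret_slot, sizeof o.ret); /* return: reload the address */
    memcpy(&o.flag, flag_slot, sizeof o.flag);
    return o;
}

int main(void)
{
    unsigned char in[16];
    memset(in, 0x41, sizeof in);            /* constructed oversized input */
    for (int split = 0; split <= 1; split++) {
        struct outcome o = simulate_call(split, in, sizeof in);
        printf("%s: ret=%08x (%s) flag=%08x\n",
               split ? "split  " : "unified", (unsigned)o.ret,
               o.ret == RET_ADDR ? "intact" : "overwritten", (unsigned)o.flag);
    }
    return 0;
}
```

In the split case the return address survives, but the neighbouring local on the data stack is still overwritten, so separate stacks protect control data without replacing bounds checks.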