Bugtraq mailing list archives
Re: Buffer overflow prevention
From: weigelt () metux de
Date: Wed, 13 Aug 2003 21:23:09 +0200
On Wed, Aug 13, 2003 at 12:13:27PM -0700, Nicholas Weaver wrote: <snip>
This only stops attacks which overwrite the return address pointers on the stack, it doesn't stop heap overflows or other control-flow attacks.
ACK. Often there are function pointers stored on the heap - so this does not really help much. It would be better to invest more time in fail-checking code, i.e. in C: macros for memory operations which do range checks:
static inline _sec_strcpy(char* dest, const char* src, int max) { int i; if ((!dest)||(max<1)) return -1; if ((max==0)||(!src)) return -1; { dest[0] = 0; return 0; } i = strncpy(dest,src,max); dest[max] = 0; return i; } #define STRCPY_BUF(buffer,src) _sec_strcpy(&buffer, src, sizeof(buffer)); <<<< Some languages offer runtime range checking, which should bring much security, but often is really slow :( <snip>
[1] If microsoft doesn't have this flag turn on on their own products, this would be a lawsuit waiting to happen.
why (in detail) should they be attackable ? did they give any warranty ? cu -- --------------------------------------------------------------------- Enrico Weigelt == metux ITS Webhosting ab 5 EUR/Monat. UUCP, rawIP und vieles mehr. phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: contact () metux de cellphone: +49 174 7066481 --------------------------------------------------------------------- Diese Mail wurde mit UUCP versandt. http://www.metux.de/uucp/
Current thread:
- Buffer overflow prevention Eygene A. Ryabinkin (Aug 13)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Crispin Cowan (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention weigelt (Aug 15)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Jonathan A. Zdziarski (Aug 13)
- Re: Buffer overflow prevention Andreas Beck (Aug 14)
- Re: Buffer overflow prevention Jingmin (Jimmy) Zhou (Aug 13)
- Re: Buffer overflow prevention Craig Pratt (Aug 13)
(Thread continues...)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)