Firewall Wizards mailing list archives
Re: Buffer Overruns
From: Crispin Cowan <crispin () cse ogi edu>
Date: Wed, 29 Dec 1999 10:32:55 +0000
Joseph S D Yao wrote:
> Crispin, thank you for your supportive words. But I would like to differ with you slightly on C++.
Ok. I try hard to avoid C++, so I'm likely to learn something here :-)
> C++, as it has become, is a sufficiently complex language that it becomes increasingly difficult to use all of it properly. And it is still possible to use many of the C tricks that cause so many security problems, if you just use it as "A Better C". BUT, I would submit that there are SOME security advantages to C++ over C, if only its stronger typing and ability to make stronger interfaces to data types. If only people would use them ...
I really have questions on several levels:

1. What are these stronger typing features? What kinds of programming errors can C++ catch that C won't?
2. Can those type checks really be said to add security value to a language that still supports pointer arithmetic? I.e. it may catch some bugs, but others go straight through, i.e. when people don't use the features. "Strong typing" usually means that using the type checking features is mandatory.
3. What about all those yummy virtual function pointers lying around in heap space? This makes it *much* easier to find a buffer to overflow to corrupt an adjacent code pointer.

Here's a straw man example. Pardon the crummy syntax, it's been a while :-)

    class shape {
        virtual int rotate(int degrees);  // rotate the shape
        string name;                      // name of this shape object
    };

If I can overflow the "name" string, I stomp right on the "rotate" virtual function, which is a pointer to code, with the pointer stored in heap space right next to the buffer. This is the *ideal* situation for a buffer overflow attack.

Thanks,
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
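The object layout behind point 3 of the message, as an added example that is not part of the original post: it measures where a compiler puts the hidden virtual-table pointer relative to an in-object buffer, and shows a length-checked setter that keeps writes inside that buffer. The `Shape` struct, its 16-byte `name` array (standing in for the message's `string`) and the helper names are assumptions made for illustration; the layout comments describe the common Itanium and MSVC C++ ABIs.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Stand-in for the message's "shape" class (hypothetical). Assumption:
// "name" is a fixed-size char array stored inside the object itself.
struct Shape {
    virtual int rotate(int degrees) { return degrees % 360; }
    virtual ~Shape() = default;
    char name[16];

    // Length-checked setter: rejects input that does not fit, so a write
    // can never run past the end of name into whatever follows it.
    bool set_name(const char *src) {
        std::size_t n = std::strlen(src);
        if (n >= sizeof name) return false;  // no room for the terminator
        std::memcpy(name, src, n + 1);
        return true;
    }
};

// Byte offset of the name buffer from the start of the object. On common
// ABIs the hidden virtual-table pointer occupies the bytes before it.
std::size_t name_offset() {
    Shape s;
    return static_cast<std::size_t>(
        s.name - reinterpret_cast<const char *>(&s));
}

// Bytes between the end of one object's name buffer and the start of the
// next object in an array (where that neighbour's hidden pointer lives).
std::size_t gap_to_next_object() {
    Shape pair[2];
    const char *end_of_name = pair[0].name + sizeof pair[0].name;
    return static_cast<std::size_t>(
        reinterpret_cast<const char *>(&pair[1]) - end_of_name);
}

int main() {
    std::printf("sizeof(Shape)=%zu name_offset=%zu gap=%zu\n",
                sizeof(Shape), name_offset(), gap_to_next_object());
    Shape s;
    std::printf("short name accepted: %d\n", s.set_name("circle"));
    std::printf("over-long name accepted: %d\n",
                s.set_name("0123456789abcdef"));
    return 0;
}
```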