Firewall Wizards mailing list archives
Re: Buffer Overruns
From: Crispin Cowan <crispin () cse ogi edu>
Date: Wed, 29 Dec 1999 10:32:55 +0000
Joseph S D Yao wrote:

> Crispin, thank you for your supportive words. But I would like to differ with you slightly on C++.

Ok. I try hard to avoid C++, so I'm likely to learn something here :-)

> C++, as it has become, is a sufficiently complex language that it becomes increasingly difficult to use all of it properly. And it is still possible to use many of the C tricks that cause so many security problems, if you just use it as "A Better C". BUT, I would submit that there are SOME security advantages to C++ over C, if only its stronger typing and ability to make stronger interfaces to data types. If only people would use them ...

I really have questions on several levels:

1. What are these stronger typing features? What kinds of programming errors can C++ catch that C won't?
2. Can those type checks really be said to add security value to a language that still supports pointer arithmetic? I.e. it may catch some bugs, but others go straight through, i.e. when people don't use the features. "Strong typing" usually means that using the type checking features is mandatory.
3. What about all those yummy virtual function pointers lying around in heap space? This makes it *much* easier to find a buffer to overflow to corrupt an adjacent code pointer. Here's a straw man example. Pardon the crummy syntax, it's been a while :-)

       class shape {
           virtual int rotate(int degrees); // rotate the shape
           string name;                     // name of this shape object
       };

   If I can overflow the "name" string, I stomp right on the "rotate" virtual function, which is a pointer to code, with the pointer stored in heap space right next to the buffer. This is the *ideal* situation for a buffer overflow attack.

Thanks,
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
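
Added example, not part of the original message: a way to measure, on your own compiler, where an in-object buffer sits relative to the object's hidden vtable pointer, together with a bounded setter that never writes past the buffer. The `Shape` struct with a fixed `char` array in place of `string`, and the names `set_name`, `name_offset` and `bytes_after_name`, are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed stand-in for the post's class; a fixed char array replaces `string`.
struct Shape {
    enum { NAME_LEN = 32 };
    virtual int rotate(int degrees) { return degrees % 360; }
    virtual ~Shape() {}
    char name[NAME_LEN];

    // Bounded setter: refuses input that does not fit (terminator included)
    // and leaves the old contents alone, so nothing past `name` is written.
    bool set_name(const char *src) {
        std::size_t n = 0;
        while (n < NAME_LEN && src[n] != '\0') ++n;
        if (n == NAME_LEN) return false;
        std::memcpy(name, src, n);
        name[n] = '\0';
        return true;
    }
};

// Bytes of the object that precede the buffer (the hidden vtable pointer
// on GCC, Clang and MSVC, which place it at offset 0).
std::size_t name_offset() {
    Shape s;
    return static_cast<std::size_t>(reinterpret_cast<char *>(s.name) -
                                    reinterpret_cast<char *>(&s));
}

// Bytes of the same object that follow the buffer. 0 means the first byte
// past `name` already belongs to the next object in an array.
std::size_t bytes_after_name() {
    return sizeof(Shape) - name_offset() - Shape::NAME_LEN;
}

int main() {
    Shape s;
    std::printf("sizeof(Shape)=%zu name_offset=%zu bytes_after_name=%zu\n",
                sizeof(Shape), name_offset(), bytes_after_name());
    std::printf("fits: %d\n", s.set_name("triangle"));
    std::printf("too long: %d\n",
                s.set_name("0123456789012345678901234567890123456789"));
    std::printf("name still: %s, rotate(450)=%d\n", s.name, s.rotate(450));
    return 0;
}
```

The printed layout depends on the compiler and ABI, so run it on the toolchain you actually ship with before reasoning about what lies next to a given buffer.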
