Bugtraq mailing list archives
Re: WordPad/riched20.dll buffer overflow
From: thalakan () TECHNOLOGIST COM (Jason Spence)
Date: Sun, 28 Nov 1999 05:11:01 -0800
----- Original Message -----
From: Glynn Clements <glynn () SENSEI CO UK>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Saturday, November 27, 1999 7:22 AM
Subject: Re: WordPad/riched20.dll buffer overflow
Christopher Rhodes wrote:

> I think one of the major problems with the Linux implementation, and apparently Windows too, is that no one pays attention to the added security provided by segmentation (at least to the point of putting the stack on a different segment?)

Having separate non-overlapping stack and data segments causes a great many problems if you want to be able to write programs in C, given that a data pointer has to be able to record the address of any variable, regardless of whether it is static (data segment) or automatic (stack segment).

Looking through the source code some more, I see examples of this. It would completely hose the portability of the source code too. It might be a good exercise to get a copy of the Coriolis book, "Linux Core Kernel Commentary", which has a bunch of these issues addressed, as well as a discussion of the memory model problem in the back.

- Jason