Bugtraq mailing list archives

Re: WordPad/riched20.dll buffer overflow


From: thalakan () TECHNOLOGIST COM (Jason Spence)
Date: Sun, 28 Nov 1999 05:11:01 -0800


----- Original Message -----
From: Glynn Clements <glynn () SENSEI CO UK>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Saturday, November 27, 1999 7:22 AM
Subject: Re: WordPad/riched20.dll buffer overflow

Christopher Rhodes wrote:

I think one of the major problems with the Linux implementation, and
apparently Windows too, is that no one pays attention to the added
security provided by segmentation (at least to the point of putting the
stack on a different segment?)

Having separate non-overlapping stack and data segments causes a great
many problems if you want to be able to write programs in C, given
that a data pointer has to be able to record the address of any
variable, regardless of whether it is static (data segment) or
automatic (stack segment).

Looking through the source code some more, I see examples of this.  It would
completely hose the portability of the source code too.  It might be a good
exercise to get a copy of the Coriolis book, "Linux Core Kernel Commentary",
which has a bunch of these issues addressed, as well as a discussion of the
memory model problem in the back.

 - Jason
