Full Disclosure mailing list archives

Re: Buffer overflow prevention

From: pageexec () freemail hu
Date: Mon, 18 Aug 2003 11:18:45 +0200

Subject:  Buffer overflow prevention
From:     "Eygene A. Ryabinkin" <rea () rea ! mbslab ! kiae ! ru>
Date:     2003-08-13 10:28:33

So, my suggestion: let us organise two segments: one for normal
stack, growing downwards, referenced by SS:ESP pair and the second
one, for local variables, referenced by GS:EBP pair, with either
upwards or downwards growing.

[...]

Second, rewrite the compiler to support the new scheme of local
variables addresation. So, the changes are minimal, in some sence.


As soon as you create two segments with different base addresses you
will have to increase the size of the internal pointer representation
(to store or at least identify the segment in which the given pointer
as a logical address is valid), otherwise functions taking pointers
would not be able to tell in which segment to dereference a given
pointer value. This change will open a whole can of worms, it's
definitely not a minimal change as you suggest and if you go to this
trouble, you might as well go for full bounds checking.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Buffer overflow prevention Stephen Clowater (Aug 14)
- <Possible follow-ups>
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
  - Re: Re: Buffer overflow prevention KF (Aug 14)
  - Re: Re: Buffer overflow prevention Peter Busser (Aug 20)
    - Re: Re: Buffer overflow prevention Valdis . Kletnieks (Aug 20)
- Re: Buffer overflow prevention Stephen Clowater (Aug 14)
- Re: Buffer overflow prevention pageexec (Aug 18)