Secure Coding mailing list archives

Re: (Shellcode Injection)

From: ljknews <ljknews () mac com>
Date: Sat, 13 Dec 2003 16:45:30 +0000

At 6:08 PM -0800 12/12/03, Crispin Cowan wrote:

 It's
not possible to avoid shell code injection when you don't know what
shell code is or why that might be bad.

I'm sorry, but that's wrong. It is entirely possible to avoid shell code injection in type safe languages.


Ok, I will admit to never having heard the term "shellcode injection".
Google did not help, finding only references, not definitions.

Could someone explain in terms that do _not_ assume a Unix or Windows
background ?

Current thread:

[SC-L] Jeffrey W. Baker (Dec 12)
- Re: [SC-L] Crispin Cowan (Dec 12)
  - Re: (Shellcode Injection) ljknews (Dec 13)
    - Re: (Shellcode Injection) Crispin Cowan (Dec 13)
    - Re: (Shellcode Injection) ljknews (Dec 14)
    - Re: (Shellcode Injection) Crispin Cowan (Dec 14)
    - Re: (Shellcode Injection) ljknews (Dec 15)
    - Re: (Shellcode Injection) Crispin Cowan (Dec 15)
    - The right tool for the right job, quit beating on the C language Dana Epp (Dec 14)
    - Re: The right tool for the right job, quit beating on the C language ljknews (Dec 14)
    - Re: (Shellcode Injection) Louis Solomon [SteelBytes] (Dec 15)
    - Re: (Shellcode Injection) ljknews (Dec 15)
    - Message not available
    - Re: (Shellcode Injection) Crispin Cowan (Dec 14)

(Thread continues...)