Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Tue, 5 Sep 2000 22:34:37 -0500
Hi, I know I am going to sound like a moron, but why do these bugs exist in the first place? Why cant the *printf functions take an argc parameter and refuse to expand format strings after that number has been reached? I know this would break most apps instantly, but its such a small change it wouldn't be hard to fix. Is POSIX compliance responsible for this or am I missing some crucial detail? -HD Crispin Cowan wrote:
"Bluefish (P.Magnusson)" wrote:From what I remember from bugtraq, it seems to be quite tricky to provide a good patch to this problem. So I wonder, has any of these tools (ProPolice, libsafe, StackGuard or StackShield) added anything to combat formatation bugs, or if it's an active research area.We are working on a robust solution to the format bug problem, but it is months away from release.
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection antirez (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection typo (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection Benjamin Karas (Sep 05)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection Juliano Rizzo (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection H D Moore (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Slawek (Sep 07)
- Re: stackguard-like embedded protection antirez (Sep 08)
- Message not available
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 12)