Re: A way to prevent buffer overflow exploits?

fjh@cs.mu.OZ.AU (Fergus Henderson)
4 Aug 1998 22:17:44 -0400

          From comp.compilers

Related articles
Re: A way to prevent buffer overflow exploits? jhardin@wolfenet.com (1998-07-30)
Re: A way to prevent buffer overflow exploits? albaugh@agames.com (1998-07-31)
Re: A way to prevent buffer overflow exploits? anton@mips.complang.tuwien.ac.at (1998-07-31)
Re: A way to prevent buffer overflow exploits? toon@moene.indiv.nluug.nl (Toon Moene) (1998-08-02)
Re: A way to prevent buffer overflow exploits? dlmoore@pgroup.com (David L Moore) (1998-08-02)
Re: A way to prevent buffer overflow exploits? pizka@informatik.tu-muenchen.de (1998-08-03)
Re: A way to prevent buffer overflow exploits? fjh@cs.mu.OZ.AU (1998-08-04)
Re: A way to prevent buffer overflow exploits? bear@sonic.net (Ray Dillinger) (1998-08-10)
Re: A way to prevent buffer overflow exploits? eodell@pobox.com (1998-08-13)
Re: A way to prevent buffer overflow exploits? khays@sequent.com (1998-08-16)
Re: A way to prevent buffer overflow exploits? shriram@cs.rice.edu (Shriram Krishnamurthi) (1998-08-16)
Re: A way to prevent buffer overflow exploits? conway@cs.mu.OZ.AU (1998-08-16)
Re: A way to prevent buffer overflow exploits? genew@vip.net (1998-08-17)
[5 later articles]

From: fjh@cs.mu.OZ.AU (Fergus Henderson)
Newsgroups: comp.compilers
Date: 4 Aug 1998 22:17:44 -0400
Organization: Computer Science, The University of Melbourne
References: 98-07-242 98-07-246 98-08-014
Keywords: errors, practice, comment

pizka@informatik.tu-muenchen.de (Markus Pizka) writes:

>Worse than that, this similarly also holds for heap space. It just seems as
>if no one has yet tried to mess up heap space with overflows in a
>similar way.

There are two main reasons why people used fixed-size buffers on the
stack:

    (1) C doesn't support variable-sized arrays on the stack.

    (2) When reading in data of unknown size, it is often convenient
        to read it into a fixed-size buffer that is "big enough",
        and then (once its size is known) copy it to a
        variable-sized area on the heap.

Regarding (1), C does support variable-sized areas on the heap, so the
same problem doesn't arise there. Regarding (2), in this case, the
fixed-size buffer is normally allocated on the stack or statically.
So I suspect there are simply far fewer heap buffer overruns to
exploit.

But I agree that using a separate stack for return addresses is not a
proper solution, and since it breaks binary compatibility and probably
reduces efficiency, it is unlikely to ever be adopted.

A better approach is to use safer programming languages, especially
for security-critical applications. Who ever heard of a buffer
overflow exploit for a program written in Java, Sather, Haskell, or
Mercury?

--
Fergus Henderson <fjh@cs.mu.oz.au>
WWW: <http://www.cs.mu.oz.au/~fjh>
PGP: finger fjh@128.250.37.3
[I don't have much trouble with them in perl, either. -John]
--
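The two idioms in the post above, as an added example that is not part of the original message or of the thread: the "big enough" fixed stack buffer of point (2), kept as written but given the bound check that the unbounded original (gets(), strcpy() into the buffer) omits, next to the heap-side alternative of point (1), a buffer that grows with the input so there is no fixed bound for a long line to exceed. LINE_BUF, the function names and the sample inputs are this example's own assumptions and do not come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Idiom (2) from the post: a fixed-size stack buffer that is assumed to be
 * "big enough" for a line of unknown length.  LINE_BUF is an assumed value,
 * kept deliberately small so that the assumption visibly fails. */
enum { LINE_BUF = 64 };

/* Heap copy of the first line of src (without the newline), built through a
 * fixed stack buffer.  The 1998-style form of this idiom does
 *     strcpy(buf, src);   or   gets(buf);
 * with no bound at all, and a line longer than LINE_BUF then runs past buf
 * into the saved return address.  This version keeps the idiom but adds the
 * one check that makes it safe: refuse (return NULL) instead of overrunning. */
char *copy_line_fixed(const char *src) {
    char buf[LINE_BUF];
    size_t n = strcspn(src, "\n");          /* length up to newline or NUL */
    if (n >= sizeof buf)
        return NULL;                        /* would not fit: do not write */
    memcpy(buf, src, n);
    buf[n] = '\0';
    char *out = malloc(n + 1);              /* the "copy to the heap" step */
    if (out)
        memcpy(out, buf, n + 1);
    return out;
}

/* Regarding (1): the stack has no variable-sized arrays in C89, but the heap
 * is resizable, so the "big enough" guess can be dropped by reading straight
 * into a buffer that grows with the data.  This is the shape of POSIX
 * getline(); there is no fixed bound for an attacker to exceed. */
char *copy_line_grow(const char *src) {
    size_t cap = 16, len = 0;
    char *buf = malloc(cap);
    if (!buf)
        return NULL;
    for (; src[len] != '\0' && src[len] != '\n'; len++) {
        if (len + 1 >= cap) {               /* keep room for this byte + NUL */
            if (cap > SIZE_MAX / 2) { free(buf); return NULL; }
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
            cap *= 2;
        }
        buf[len] = src[len];
    }
    buf[len] = '\0';
    return buf;
}

/* Constructed inputs (not from the post): one line that fits LINE_BUF and one
 * of 200 bytes that does not.  Returns 1 when both readers behave as
 * described above, 0 otherwise. */
int check_both_readers(void) {
    static const char short_input[] = "GET /index.html\nHost: example\n";
    char big[202];
    memset(big, 'A', 200);
    big[200] = '\n';
    big[201] = '\0';

    char *a = copy_line_fixed(short_input);  /* fits: copied */
    char *b = copy_line_fixed(big);          /* too long: refused, not overrun */
    char *c = copy_line_grow(short_input);   /* fits: copied */
    char *d = copy_line_grow(big);           /* grows to hold all 200 bytes */

    int ok = a != NULL && strcmp(a, "GET /index.html") == 0
          && b == NULL
          && c != NULL && strcmp(c, "GET /index.html") == 0
          && d != NULL && strlen(d) == 200 && d[0] == 'A' && d[199] == 'A';
    free(a); free(b); free(c); free(d);
    return ok;
}

int main(void) {
    int ok = check_both_readers();
    printf("fixed buffer refuses the long line, growing buffer keeps it: %s\n",
           ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The fixed-buffer variant is only as safe as the single comparison in front of memcpy(); drop it and the function is the classic stack overrun again. The growing variant has no such comparison to forget, which is the practical content of Henderson's point that the heap does not share the problem.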

