Re: A way to prevent buffer overflow exploits?

Toon Moene <toon@moene.indiv.nluug.nl>
2 Aug 1998 23:54:10 -0400

          From comp.compilers


From: Toon Moene <toon@moene.indiv.nluug.nl>
Newsgroups: comp.compilers
Date: 2 Aug 1998 23:54:10 -0400
Organization: Moene Computational Physics, Maartensdijk, The Netherlands
References: 98-07-242 98-07-243
Keywords: C, design

albaugh@agames.com (Mike Albaugh) wrote:


> I'd also second the moderator's comment:


> : [This isn't a band-aid I'd endorse. If you want to fix your programs,
> : fix them, or better write them in a language that doesn't have those
> : holes. -John]


> as I haven't had a stack-smash in ages. Of course, I don't
> use gets or scanf...


As one of the second rank maintainers of egcs, I fully endorse the above
sentiment expressed by Mike Albaugh.


Every day we're awakened reading security warnings towards this or that
_free_ unix package. Are the guys/dolls writing this stuff younger than,
say, 15 years old?


I can vividly recall the Internet Worm by Robert Morris, d.d. November '88.
It was nothing but an elaborate hack to exploit buffer overruns in daemons.


Please read your history; else you're doomed to repeat it, poorly [I'm
probably paraphrasing someone here]


--
Toon Moene (mailto:toon@moene.indiv.nluug.nl)
Saturnushof 14, 3738 XG Maartensdijk, The Netherlands
Phone: +31 346 214290; Fax: +31 346 214286
g77 Support: mailto:fortran@gnu.org; NWP: http://www.knmi.nl/hirlam
--

