Return to the
comp.compilers page.
Search the
comp.compilers archives again.
| From: | fjh@cs.mu.OZ.AU (Fergus Henderson) |
| Newsgroups: | comp.compilers |
| Date: | 4 Aug 1998 22:17:44 -0400 |
| Organization: | Computer Science, The University of Melbourne |
| References: | 98-07-242 98-07-246 98-08-014 |
| Keywords: | errors, practice, comment |
pizka@informatik.tu-muenchen.de (Markus Pizka) writes:
>Worse than that, this similarly also holds for heap space. It just seems as
>if no one has yet tried to mess up heap space with overflows in a
>similar way.
There are two main reasons why people used fixed-size buffers on the
stack:
(1) C doesn't support variable-sized arrays on the stack.
(2) When reading in data of unknown size, it is often convenient
to read it into a fixed-size buffer that is "big enough",
and then (once its size is known) copying it to a
variable-sized area on the heap.
Regarding (1), C does support variable-sized areas on the heap, so the
same problem doesn't arise there. Regarding (2), in this case, the
fixed-size buffer is normally allocated on the stack or statically.
So I suspect there are simply far less heap buffer overruns to
exploit.
But I agree that using a separate stack for return addresses is not a
proper solution, and since it breaks binary compatibility and probably
reduces efficiency, it is unlikely to ever be adopted.
A better approach is to use safer programming languages, especially
for security-critical applications. Who ever heard of a buffer
overflow exploit for a program written in Java, Sather, Haskell, or
Mercury?
--
Fergus Henderson <fjh@cs.mu.oz.au>
WWW: <http://www.cs.mu.oz.au/~fjh>
PGP: finger fjh@128.250.37.3
[I don't have much trouble with them in perl, either. -John]
--
Return to the
comp.compilers page.
Search the
comp.compilers archives again.