From: ebiederm@xmission.com (Eric W. Biederman)
To: Manfred Spraul <manfred@colorfullife.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
Date: 15 Feb 2001 09:00:48 -0700 [thread overview]
Message-ID: <m1k86s6imn.fsf@frodo.biederman.org> (raw)
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca> <m1lmr98c5t.fsf@frodo.biederman.org> <3A8ADA30.2936D3B1@sympatico.ca> <m1hf1w8qea.fsf@frodo.biederman.org> <3A8BF5ED.1C12435A@colorfullife.com>
In-Reply-To: Manfred Spraul's message of "Thu, 15 Feb 2001 16:29:49 +0100"
Manfred Spraul <manfred@colorfullife.com> writes:
> "Eric W. Biederman" wrote:
> >
> > But the gcc bounds checking work is the ultimate buffer overflow fix.
> > You can recompile all of your trusted applications, and libraries with
> > it and be safe from one source of bugs.
> >
>
> void main(int argc, char **argv[])
> {
> char local[128];
> if(argc > 2)
> strcpy(local,argv[1]);
> }
>
> Unless you modify the ABI and pass the array bounds around you won't
> catch such problems,
Of course. But this is linux and you have the source. And I did mention
you needed to recompile the libraries your trusted applications depended on.
> and I won't even mention unions and
>
> struct dyn_data {
> int len;
> char data[];
> }
Yep bounds checking is not an easy fix. But it is a good fix.
Eric
next prev parent reply other threads:[~2001-02-15 19:10 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-13 20:58 Is this the ultimate stack-smash fix? Jeremy Jackson
2001-02-13 21:06 ` Alan Cox
2001-02-13 21:22 ` James Sutherland
2001-02-13 23:04 ` Bruce Harada
2001-02-13 23:14 ` William T Wilson
2001-02-14 16:25 ` Eric W. Biederman
2001-02-14 19:19 ` Jeremy Jackson
2001-02-14 20:43 ` Gerhard Mack
2001-02-15 5:30 ` Eric W. Biederman
2001-02-15 15:29 ` Manfred Spraul
2001-02-15 16:00 ` Eric W. Biederman [this message]
2001-02-17 14:43 ` Peter Samuelson
2001-02-18 4:53 ` Eric W. Biederman
2001-02-20 1:10 ` Andreas Bombe
2001-02-20 9:09 ` Xavier Bestel
2001-02-20 16:40 ` Jeremy Jackson
2001-02-20 17:04 ` Xavier Bestel
2001-02-21 0:13 ` Andreas Bombe
2001-02-21 9:30 ` Xavier Bestel
2001-02-15 15:32 ` Jeremy Jackson
2001-02-17 10:47 ` Florian Weimer
2001-02-17 20:32 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1k86s6imn.fsf@frodo.biederman.org \
--to=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox