From: ebiederm@xmission.com (Eric W. Biederman)
To: Jeremy Jackson <jeremy.jackson@sympatico.ca>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
Date: 14 Feb 2001 09:25:18 -0700 [thread overview]
Message-ID: <m1lmr98c5t.fsf@frodo.biederman.org> (raw)
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca>
In-Reply-To: Jeremy Jackson's message of "Tue, 13 Feb 2001 15:58:19 -0500"
Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
> Greetings. This is my first post on linux-kernel, I hope this is
> appropriate.
>
> The recent CERT IN-2001-01 's massive repercussions and CA-2001-02's
> re-releasing
> old material in an attempt to coerce admins to update their OS, has led
> me to think about
> buffer overrun exploits. I have gained a new appreciation after being
> rooted twice this month.
>
> I believe there is a solution that can be implemented in the kernel
> (Linux and probably most Unix)
> that can prevent this type of exploit, has no effect on userspace code,
> and is minimally obtrusive
> for the kernel.
There is another much more effective solution in the works. The C
standard allows bounds checking of arrays. So it is quite possible
for the compiler itself to check this in a combination of run-time and
compile-time checks. I haven't followed up but not too long ago
there was an effort to add this as an option to gcc. If you really
want this fixed that is the direction to go. Then buffer overflow
exploits become virtually impossible.
Eric
next prev parent reply other threads:[~2001-02-14 17:05 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-13 20:58 Is this the ultimate stack-smash fix? Jeremy Jackson
2001-02-13 21:06 ` Alan Cox
2001-02-13 21:22 ` James Sutherland
2001-02-13 23:04 ` Bruce Harada
2001-02-13 23:14 ` William T Wilson
2001-02-14 16:25 ` Eric W. Biederman [this message]
2001-02-14 19:19 ` Jeremy Jackson
2001-02-14 20:43 ` Gerhard Mack
2001-02-15 5:30 ` Eric W. Biederman
2001-02-15 15:29 ` Manfred Spraul
2001-02-15 16:00 ` Eric W. Biederman
2001-02-17 14:43 ` Peter Samuelson
2001-02-18 4:53 ` Eric W. Biederman
2001-02-20 1:10 ` Andreas Bombe
2001-02-20 9:09 ` Xavier Bestel
2001-02-20 16:40 ` Jeremy Jackson
2001-02-20 17:04 ` Xavier Bestel
2001-02-21 0:13 ` Andreas Bombe
2001-02-21 9:30 ` Xavier Bestel
2001-02-15 15:32 ` Jeremy Jackson
2001-02-17 10:47 ` Florian Weimer
2001-02-17 20:32 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1lmr98c5t.fsf@frodo.biederman.org \
--to=ebiederm@xmission.com \
--cc=jeremy.jackson@sympatico.ca \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox