Re: Is this the ultimate stack-smash fix?

From: Eric W. Biederman (ebiederm@xmission.com)
Date: Thu Feb 15 2001 - 11:00:48 EST


Manfred Spraul <manfred@colorfullife.com> writes:

> "Eric W. Biederman" wrote:
> >
> > But the gcc bounds checking work is the ultimate buffer overflow fix.
> > You can recompile all of your trusted applications, and libraries with
> > it and be safe from one source of bugs.
> >
>
> void main(int argc, char **argv[])
> {
> char local[128];
> if(argc > 2)
> strcpy(local,argv[1]);
> }
>
> Unless you modify the ABI and pass the array bounds around you won't
> catch such problems,

Of course. But this is linux and you have the source. And I did mention
you needed to recompile the libraries your trusted applications depended on.

> and I won't even mention unions and
>
> struct dyn_data {
> int len;
> char data[];
> }

Yep bounds checking is not an easy fix. But it is a good fix.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 21:00:27 EST