Please excuse me, but wasn't this whole thing started by the possibility
of someone executing a private, non-intended program or function by
exploiting stack-overflow in a program that gets user input?
If so, shouldn't the proper course of action be to rewrite the user input
portion of the program so this was impossible? I see too many programs
that use gets(buffer) with buffer[] being a few hundred bytes allocated
on the stack. This is very bad coding. It's just luck that makes such
programs work.
If you prevented writing beyond the end of a buffer, then no matter what
got written to the buffer, it would not ever cause any problems. Am I missing
something here?
Can't I send the most horrible and dangerous viruses to any server
anywhere, and if it isn't executed, it does nothing?
Cheers,
Dick Johnson
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard B. Johnson
Project Engineer
Analogic Corporation
Voice : (508) 977-3000 ext. 3754
Fax : (508) 532-6097
Modem : (508) 977-6870
Ftp : ftp@boneserver.analogic.com
Email : rjohnson@analogic.com, johnson@analogic.com
Penguin : Linux version 2.1.34 on an i586 machine (66.15 BogoMips).
Warning : I read unsolicited mail for $350.00 per hour. Supply billing address.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
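
A bounded replacement for the gets(buffer) pattern described in the message above, as an added example that is not part of the original post. The names read_line, tally_lines and the RL_* codes are this example's own, and the input strings are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { RL_OK, RL_EOF, RL_TOO_LONG, RL_BAD_SIZE };

/* Read one line into buf[0..size-1] without ever writing past the end.
 * The newline is stripped; an overlong line is drained and reported. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || size > INT_MAX) return RL_BAD_SIZE;
    if (fgets(buf, (int)size, in) == NULL)
        return RL_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return RL_OK;
    }
    int c = fgetc(in);          /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return RL_OK;           /* line filled the buffer exactly, or ended at EOF */
    while (c != EOF && c != '\n')
        c = fgetc(in);          /* discard the rest so it is not read as a new line */
    return RL_TOO_LONG;
}

struct tally { int accepted, rejected; };

/* Run constructed input through read_line with a small stack buffer. */
struct tally tally_lines(const char *text)
{
    struct tally t = {0, 0};
    char buf[8];                /* deliberately small, as in the gets() case */
    FILE *in = tmpfile();
    if (in == NULL) return t;
    fputs(text, in);
    rewind(in);
    for (int rc; (rc = read_line(in, buf, sizeof buf)) != RL_EOF; )
        if (rc == RL_OK) t.accepted++; else t.rejected++;
    fclose(in);
    return t;
}

int main(void)
{
    struct tally t = tally_lines("short\nthis line is far too long\nok\n");
    printf("accepted=%d rejected=%d\n", t.accepted, t.rejected);
    return 0;
}
```

Draining the tail of an overlong line matters as much as the bound itself: without it, the remainder would be returned by the next call as if it were a separate line of input.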