I'm not so sure about that. Suppose we have the following
on a pushdown stack:
+------------------------------------------------
| ret-addr; caller of MyCarelessFunction
+------------------------------------------------
| some automatic variables
| char buffer[80]; /* I pass this to gets() */
| some more automatic variables
+------------------------------------------------
| ret-addr; my call to gets()
+------------------------------------------------
This is a picture of the stack during an ill-considered
call to gets(). In other words, gets() is running right
now, and is about to copy a long line that some cracker
has fed to my poorly written program into the buffer
shown. If the copy goes up, it writes over the return
address for the call to MyCarelessFunction(), so when
I return, the cracker gets control. If the copy goes
down, it writes over the return address for my call
to gets(), so the cracker gets control sooner. In
either case, the cracker gets control.
> Maybe I'm blowing monkeys out my arse, I'm not sure.
It was a good thought. Don't let me discourage you
altogether.
--- L. Adrian Griffis - KE6CSX - adrian@idir.net
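
The following is an added example, not part of the original message: a small C model of the frame in the diagram that reports which return-address slot an over-long copy reaches in each direction, next to a length-checked copy. The 8-byte slots, the 16-byte variable regions and the function name simulate_copy are assumptions made for the illustration; only the 80-byte buffer comes from the post.

```c
#include <stdio.h>
#include <string.h>

/* Model of the frame in the diagram, lowest index = bottom of the picture.
 * Slot and variable sizes are assumed; only buffer[80] comes from the post. */
enum { SLOT = 8, VARS = 16, BUF = 80 };
enum { OFF_RET_GETS   = 0,                     /* ret-addr; my call to gets() */
       OFF_BUF        = SLOT + VARS,           /* char buffer[80]             */
       OFF_RET_CALLER = OFF_BUF + BUF + VARS,  /* ret-addr; caller            */
       FRAME          = OFF_RET_CALLER + SLOT };

#define HIT_RET_GETS   1
#define HIT_RET_CALLER 2

/* Write n input bytes into the modelled buffer.
 * dir = +1: copy runs up the picture; dir = -1: copy runs down.
 * bounded != 0: the copy is cut at BUF bytes, as a length-checked read would.
 * Returns a bitmask of the return-address slots that were modified. */
int simulate_copy(size_t n, int dir, int bounded)
{
    unsigned char frame[FRAME];
    long pos = (dir > 0) ? OFF_BUF : OFF_BUF + BUF - 1;
    int hit = 0;

    memset(frame, 0xAA, sizeof frame);          /* sentinel pattern */
    if (bounded && n > BUF)
        n = BUF;
    for (size_t i = 0; i < n && pos >= 0 && pos < FRAME; i++, pos += dir)
        frame[pos] = 'A';                       /* stays inside the model */

    for (int i = 0; i < SLOT; i++) {
        if (frame[OFF_RET_GETS + i] != 0xAA)   hit |= HIT_RET_GETS;
        if (frame[OFF_RET_CALLER + i] != 0xAA) hit |= HIT_RET_CALLER;
    }
    return hit;
}

int main(void)
{
    printf("200 bytes, up,   unbounded: %d\n", simulate_copy(200, +1, 0));
    printf("200 bytes, down, unbounded: %d\n", simulate_copy(200, -1, 0));
    printf("200 bytes, up,   bounded:   %d\n", simulate_copy(200, +1, 1));
    printf("200 bytes, down, bounded:   %d\n", simulate_copy(200, -1, 1));
    return 0;
}
```

Either direction reaches one of the two return-address slots once the input exceeds the buffer; only bounding the copy to the buffer size leaves both untouched.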