Bugtraq mailing list archives
Re: Buffer overflow prevention
From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
Date: 13 Aug 2003 14:26:04 -0400
I think this is overkill and will probably cause your applications to run much slower than they already do. I don't see why one couldn't simply put the variable information *after* the rest of the stack information, instead of before, and have the kernel zero out the next stack frame before it gets written to (although this may cause some performance problems in itself). This would prevent a buffer overflow from A) overwriting SS:ESP and B) overflowing code onto the next stackframe.
Current thread:
- Buffer overflow prevention Eygene A. Ryabinkin (Aug 13)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Crispin Cowan (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention weigelt (Aug 15)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Jonathan A. Zdziarski (Aug 13)
- Re: Buffer overflow prevention Andreas Beck (Aug 14)
- Re: Buffer overflow prevention Jingmin (Jimmy) Zhou (Aug 13)
- Re: Buffer overflow prevention Craig Pratt (Aug 13)
- Re: Buffer overflow prevention Patrick Dolan (Aug 13)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- <Possible follow-ups>
- RE: Buffer overflow prevention Lance James (Aug 14)
- Re: Buffer overflow prevention Patrick Dolan (Aug 14)
- Re: Buffer overflow prevention Jedi/Sector One (Aug 14)
(Thread continues...)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)