Bugtraq mailing list archives

Re: Buffer overflow prevention

From: Miod Vallat <miod () online fr>
Date: Thu, 14 Aug 2003 20:24:40 +0000

  ProPolice is not magical, though. There are plenty of cases where it is
totally inefficient. To illustrate a very common one :

[snip oflow of 5-byte buffer]

This particular case ``works'' because, by design, propolice will not
attempt to protect structures smaller than 16 bytes.

This can be changed by a simple gcc recompilation... and it's probably
worth doing.

Miod

Current thread:

Re: Buffer overflow prevention, (continued)
- - Re: Buffer overflow prevention Peter Busser (Aug 15)
    - Re: Buffer overflow prevention Solar Designer (Aug 15)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
  - Re: Buffer overflow prevention Theo de Raadt (Aug 14)
    - Re: Buffer overflow prevention Matt D. Harris (Aug 14)
    - Re: Buffer overflow prevention sauron (Aug 14)
  - Re: Buffer overflow prevention Timo Sirainen (Aug 14)
    - Re: Buffer overflow prevention Jedi/Sector One (Aug 14)
    - Re: Buffer overflow prevention Peter Busser (Aug 15)
  - Re: Buffer overflow prevention Jedi/Sector One (Aug 14)
    - Re: Buffer overflow prevention Miod Vallat (Aug 14)
    - Re: Buffer overflow prevention Peter Busser (Aug 15)
    - Re: Buffer overflow prevention stealth (Aug 15)
    - Re: Buffer overflow prevention Mark Tinberg (Aug 18)
    - Re: Buffer overflow prevention Crispin Cowan (Aug 18)
    - Re: Buffer overflow prevention Peter Busser (Aug 18)
  - Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
  - Re: Buffer overflow prevention Shaun Clowes (Aug 15)
    - Re: Buffer overflow prevention Crispin Cowan (Aug 15)
    - Re: Buffer overflow prevention Shaun Clowes (Aug 18)
    - Re: Buffer overflow prevention Crispin Cowan (Aug 18)

(Thread continues...)