Firewall Wizards mailing list archives
Re: Obtuse smtpd
From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Wed, 8 Jul 1998 10:51:19 -0400 (EDT)
PROBLEM!
...
How do you detect one type of stack overwrite but not the other? [I guess I'll go read the Web page, too.] If you protect only the stack frame info, that takes a lot of registers - one set for each stack frame, with no defined maximum. If you protect the whole stack, you can't use data on it as read-write data.
I went and read it. Apparently, they only protect the return address in the most recent stack frame. This still allows for problems ... especially if I overrun a buffer that was passed as an argument, or is otherwise available from a previous stack frame. -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- RE: Obtuse smtpd Craig Woods (Jul 01)
- <Possible follow-ups>
- RE: Obtuse smtpd Craig Woods (Jul 02)
- StackGuard Crispin Cowan (Jul 07)
- Re: Obtuse smtpd Joseph S. D. Yao (Jul 07)
- Re: Obtuse smtpd Joseph S. D. Yao (Jul 08)
- Re: Obtuse smtpd Crispin Cowan (Jul 12)
- Re: obtuse smtpd John Lines (Jul 02)
- Re: obtuse smtpd Joseph S. D. Yao (Jul 07)