[c-prog] Re: system's protection against buffer overflow
--- In c-prog@yahoogroups.com, Pedro Izecksohn izecks...@... wrote: I found that static data is executable on some platform. FYI CentOS 5 (linux): Compiled with gcc version 4.1. Now I'll try to overwrite the beginning of main (int, char **). It caused a SIGSEGV. Continuing. Now I'll try to call a piece of static global data located at 0x804897b. Succeeded. Now I'll try to call a piece of malloced data located at 0x881f008. It caused a SIGSEGV. Continuing. Now I'll try to call a piece of stacked data located at 0xbf9a7113. It caused a SIGSEGV. Continuing. I guess it could be a security risk, like running any 'unknown' code.
[c-prog] Re: system's protection against buffer overflow
I found that static data is executable on some platform. I was wrong. There is no reason for a constant string not be executable. It were not testing a writable static piece of memory.
[c-prog] Re: system's protection against buffer overflow
--- In c-prog@yahoogroups.com, Pedro Izecksohn izecks...@... wrote: There is no reason for a constant string not be executable. ...unless program memory and data memory are physically separate (Harvard architecture) eg. my company's chips: http://www.picochip.com/products_and_technology/picoarray_architecture http://en.wikipedia.org/wiki/Harvard_architecture