On Tue, 2002-11-05 at 19:04, Linas Vepstas wrote: > Its time the stack-growth-direction bug got fixed; the architectural > limitations that caused it to grow down are now gone, and the > stack-overrun attacks that it engenders are a great threat to > computer security.
Except that parisc has a stack that works ass-backwards and people still write exploits for it. Many of the techniques are somewhat independant and have to be - a lot of RISC uses register linking returns so simple buffer overflow is hard. Flavour of the year appears to be maths sign/overflow mishandling. Buffer overflows are no longer a growth area as programmers learn that one. > For this to catch on in the mainstream, other CPU architectures > would need to add similar features as well. But given the recent > burbling from microsoft and intel about palladium and how cpu arch > changes can enhance security, (which intel seems to be actually > working on) I do not think that it is too wild, too early or too > impractical to engage in this task. I don't really see how fiddling with libraries helps you, but enlighten me
