Re: Is this the ultimate stack-smash fix?

[Eric W. Biederman]

Manfred Spraul <[EMAIL PROTECTED]> writes:

> "Eric W. Biederman" wrote:
> > 
> > But the gcc bounds checking work is the ultimate buffer overflow fix.
> > You can recompile all of your trusted applications, and libraries with
> > it and be safe from one source of bugs.
> >
> 
> void main(int argc, char **argv[])
> {
>       char local[128];
>       if(argc > 2)
>               strcpy(local,argv[1]);
> }
> 
> Unless you modify the ABI and pass the array bounds around you won't
> catch such problems, 

Of course.  But this is linux and you have the source.  And I did mention
you needed to recompile the libraries your trusted applications depended on.


> and I won't even mention unions and
> 
> struct dyn_data {
>       int len;
>       char data[];
> }

Yep bounds checking is not an easy fix.  But it is a good fix.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/