Hi `who | cut -f1 d' '`, Lately, I have been reading some articles on buffer overflows. Many of them seem to be caused by using local variables that are allocated on the stack and then written to with no proper bounds checking. I don't know of other architectures, but on x86, the stack grows downwards (from higher memory addresses to lower memory addresses). This makes buffer overflows attacks easy to exploit: if a function uses strcpy() instead of strncpy() to copy data (or memset or anything else that normally works upwards), due to the downwards nature of the stack implementation, it's possible to overwrite the function's return address, or even another function local data waiting in the call stack -> the stack grows downwards, but strcpy() works upwards, thus being able to cross stack function boundaries (overwritting other functions local data or even its return address). However, what would happen if the stack was implemented to grow upwards (from lower memory addresses to higher memory addresses)? With this kind of implementation, if the last function in the call stack invokes strcpy() over a local variable (allocated onto the stack) without checking bounds, the extra data would not overwrite neither the own function's return address nor any other function waiting onto the call stack -> the stack grows upwards and so does strcpy() when writting memory. I know there are hardware implementation details involved in this issue, like the way PUSH and POP work, but this is just an idea :-) Comments on this? Could this be viable? Is the whole idea stupid in general? Thanks! Felipe Alfaro -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze -- Phoebe-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/phoebe-list
