stack smashing Was: Re: Scanning Formats (TIFF vs. JPEG)
alexeyt at freeshell.org
Sat Aug 19 01:05:00 CDT 2006
On Fri, 18 Aug 2006, Brad Parker wrote:
> I think this whole discussion is at the wrong level. You need to free
> yourself from the "C and pointers" mentality.
Why? Why should I tell myself that there are no pointers if in fact
pointers are in use? If I close my eyes will the processor stop addressing
memory? I don't think so.
> If the userland application programming language didn't have pointers
> and had dynamic type checking you might find the whole problem just
> goes away.
No, it bloody well doesn't. Security has never magically appeared. You
can't give up pointers for Lent and discover you've become hackerproof.
> pointers are not your friend unless you are programming in assembler
> (and believe me, C is just a nice portable assembler)
> jump up a few levels. abstraction is your friend.
Abstraction does not stop someone from using the raw capabilities of the
machine. Only by taking away the ability to write to protected memory can
you achieve security.
> (oh, and there is my "useless, off topic, and confused" posting for the
> month. just to stay on quota :-)