stack smashing Was: Re: Scanning Formats (TIFF vs. JPEG)

Alexey Toptygin alexeyt at freeshell.org
Sat Aug 19 01:05:00 CDT 2006


On Fri, 18 Aug 2006, Brad Parker wrote:

> I think this whole discussion is at the wrong level.  You need to free
> yourself from the "C and pointers" mentality.

Why? Why should I tell myself that there are no pointers if in fact 
pointers are in use? If I close my eyes will the processor stop addressing 
memory? I don't think so.

> If the userland application programming language didn't have pointers
> and had dynamic type checking you might find the whole problem just
> goes away.

No, it bloody well doesn't. Security has never magically appeared. You 
can't give up pointers for Lent and discover you've become hackerproof.

> pointers are not your friend unless you are programming in assembler
> (and believe me, C is just a nice portable assembler)
>
> jump up a few levels.  abstraction is your friend.

Abstraction does not stop someone from using the raw capabilities of the 
machine. Only by taking away the ability to write to protected memory can 
you achieve security.

> (oh, and there is my "useless, off topic, and confused" posting for the
> month.  just to stay on quota :-)

Seriously.

 			Alexey



More information about the cctech mailing list