Re: Is Unix security really so weak?

In message <5j83d2$isv_at_mimsy.cs.umd.edu>

        joshd_at_cs.umd.edu (Joshua Daymont) writes:

> Thomas H. Ptacek (tqbf_at_char-star.rdist.org) wrote:
 

> : Thu, 17 Apr 1997 16:27:59 -0700 tmetzger_at_ctf.com:
> : >I understood everything up to this point, but what does it mean to
> : >"inject executable code into the running process?" Don't programs
> : >normally just crash when there's a stack buffer overrun?
 

> : For example, in my GNU C programs, every subroutine I call has a stack
> : frame. That stack frame tells the program how to "return" from the
 

> Not always true for gcc on a sparc w/ optimization.

However, that doesn't affect buffer overflow attacks very much; it is sufficient that some functions have stack frames.

David Hopwood
david.hopwood_at_lmh.ox.ac.uk, hopwood_at_zetnet.co.uk Received on Mon Apr 21 1997 - 00:00:00 CDT