Re: StackGuard: Automatic Protection From Stack-smashing Attacks

From: Theo de Raadt (deraadtat_private)
Date: Fri Dec 19 1997 - 14:01:35 PST


    >       #include <stdio.h>
    >       #include <unistd.h>
    >
    >       int main(void)
    >       {
    >           FILE *fp;
    >           int save_uid;
    >           char buf[10];
    >
    >           save_uid = getuid();
    >           setuid(0);
    >           fp = fopen("input", "r");
    >           fscanf(fp, "%s", buf);   /* unbounded read: the overflow under discussion */
    >           setuid(save_uid);
    >           return 0;
    >       }
    
    For this particular example, in some levels of optimization (gcc -O2,
    I believe, or via other future compiler hacks) your generated code
    could place the objects on the stack in this order: return address,
    buf[], save_uid.  Coupled with the other approaches, that would solve
    this particular case.
    
    (But I don't believe in solving these special cases one by one).
    
    > My personal feelings on the recent proposals for fixing
    > "the overflow problem" are that I don't like them.  They all
    > seem hacky to me, and all claim to be a silver bullet to finally
    > put an end to the problem.  I'd much rather see the original problems
    > fixed, a solution that is much more aesthetically pleasing to
    > me.  On the other hand, the proposals do reduce the number of
    > attacks, and buy time until attackers get more sophisticated
    > in their exploits.
    
    I don't even hope to see a magic solution coming down the line.  I'll
    just continue fixing the basic bugs.  (But they are getting harder to
    find; perhaps I should start using Purify or Insight..)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:37:06 PDT