DragonFly BSD
DragonFly submit List (threaded) for 2005-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Patch to execve


From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Tue, 1 Mar 2005 11:42:50 +0100
Mail-followup-to: submit@crater.dragonflybsd.org

On Mon, Feb 28, 2005 at 03:49:11PM -0800, Kevin M. Kilbride wrote:
> It is precisely that difference I am talking about, Joerg. This code is 
> safe:
> 
>    void function(void) {
>       char *x = "some string";        /* pointer to a string literal */
>       potential_string_modifier(x);   /* writing through x is undefined */
>    }
> 
> This code is not safe:
> 
>    void function(void) {
>      char x[] = "some string";        /* writable copy on the stack */
>      potential_string_modifier(x);    /* writes succeed, bounds unchecked */
>    }
> 
> In the first case, if the potential modifier attempts to write to the 
> string, the program will die. As I pointed out previously, dead programs 
> are always safe. In the second case, if the potential modifier attempts 
> to write to the string, it will succeed---even if it overwrites the 
> stack. It is exercises similar to this that permit stack overflow 
> exploits. Moreover, passing truly-writable copies prevents you from 
> later finding any calls that should not be modifying strings, but which 
> actually do.

This is NOT about buffer overflows. There are a lot of uses for writable
strings besides buffer overflows. One (perhaps bad) example is mktemp.
The problem with the first example is that the compiler is free to place
"some string" in a read-only data section, so any modification can recreate
a segfault. Sure, you have to check for overflows, but you have to do
that for any kind of strings anyway.

You've just proven my point :)

Joerg
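An added worked example, not code from either poster, showing the difference the two messages argue about: a `char x[]` initialised from a literal is a writable stack copy whose size `sizeof` reports, while a pointer to the literal may point into read-only data. It also shows the two things Joerg's reply asks for, a caller that genuinely needs a writable buffer (a constructed, deterministic stand-in for a mktemp-style template fill, not the libc routine) and an in-place modifier that takes an explicit capacity so the writable copy is still bounds-checked. `upcase_in_place` and `fill_template` are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the thread. "some string" is the
 * literal used in the quoted posts. */

/* sizeof tells the two declarations apart: the array carries the whole
 * "some string\0" (12 bytes); the pointer is just a pointer. */
size_t array_copy_size(void)
{
    char x[] = "some string";   /* writable copy on the stack */
    return sizeof x;            /* 12, including the terminator */
}

size_t literal_pointer_size(void)
{
    const char *x = "some string";  /* const: the compiler now refuses writes */
    return sizeof x;                /* sizeof(char *), not the string length */
}

/* Hypothetical "potential_string_modifier": upper-cases in place but never
 * walks past cap bytes. This is the overflow check a writable copy needs,
 * because the array itself does nothing to stop an over-long write. */
size_t upcase_in_place(char *buf, size_t cap)
{
    size_t n;
    for (n = 0; n < cap && buf[n] != '\0'; n++)
        if (buf[n] >= 'a' && buf[n] <= 'z')
            buf[n] = (char)(buf[n] - 'a' + 'A');
    return n;   /* characters examined, i.e. the string length if terminated */
}

/* Copy the literal into a stack array, modify it, hand the result back.
 * Returns the length written, or 0 if out is too small. */
size_t modify_stack_copy(char *out, size_t outcap)
{
    char x[] = "some string";
    size_t n = upcase_in_place(x, sizeof x);
    if (n + 1 > outcap)
        return 0;
    memcpy(out, x, n + 1);
    return n;
}

/* Constructed stand-in for a mktemp-style template fill: overwrites the
 * trailing "XXXXXX" (deterministically, so it can be tested). This is the
 * kind of caller that needs a writable buffer; handing it a string literal
 * in read-only data would fault on the first store. */
int fill_template(char *tmpl, size_t cap)
{
    size_t len = 0, i;
    while (len < cap && tmpl[len] != '\0')
        len++;
    if (len == cap || len < 6)
        return -1;                      /* unterminated or too short */
    if (strcmp(tmpl + len - 6, "XXXXXX") != 0)
        return -1;                      /* no template suffix */
    for (i = 0; i < 6; i++)
        tmpl[len - 6 + i] = (char)('0' + i);
    return 6;
}

int main(void)
{
    char out[32];
    char t[] = "/tmp/demoXXXXXX";   /* array, so fill_template may write it */

    printf("sizeof array = %zu, sizeof pointer = %zu\n",
           array_copy_size(), literal_pointer_size());
    if (modify_stack_copy(out, sizeof out))
        printf("%s\n", out);
    if (fill_template(t, sizeof t) == 6)
        printf("%s\n", t);
    return 0;
}
```

Compile with warnings on: with `const char *x` the pointer version is rejected at compile time rather than relying on a segfault at run time, which is the cheaper of the two checks. Whether a non-const `char *` to a literal actually faults depends on where the toolchain places the literal, so a program that "dies" on one platform may silently corrupt data on another.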


