On Mon, 2004-11-08 at 13:28, Barbara Morris wrote:
> Rich Duzenbury wrote:
> > ...
> > That's good news. So, in my opinion, the likelihood that an attacker
> > could hit an exact byte in RPG static storage is getting extremely low -
> > The buffer has to be accessible via a pointer, unprotected by program
> > code, and the storage layout from the compiler is arbitrary, so the
> > important 'admin_flag' is not necessarily accessible past the end of the
> > buffer.
> >
>
> I can't imagine how it would be possible to make an attack through
> your program even if someone did know the variable name that would get
> affected by a buffer overflow.

So far, it's just a test to see if it's possible. My test program doesn't take any external input (yet!). What if it were changed to read from a socket into an improperly protected buffer?

>
> But assuming that was possible, it just takes a bit more work to figure
> out where the buffer overflow occurs. By comparing the addresses of the
> fields, you can see how storage is laid out.

Hmm. I was starting to think it would be *too* hard, are you saying it's not necessarily hard?

Thanks, Barbara.

--
Regards,
Rich

Current Conditions in Des Moines, IA
Broken Clouds
Temp 50F
Winds out of the Southeast at 8mph
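The address comparison Barbara describes, together with the length check that the socket scenario would need, as an added example that is not part of the original message. It is a C analogue rather than RPG; the struct, the function names and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a struct pins the field order, which the thread notes
   a compiler is otherwise free to choose for static storage. */
struct session {
    char buf[16];
    char admin_flag;                 /* field name taken from the thread */
};

/* Signed distance in bytes from the end of buf to target;
   >= 0 means target sits at or after the end of the buffer. */
static ptrdiff_t gap_after(const void *buf, size_t buflen, const void *target)
{
    return (ptrdiff_t)((intptr_t)target - (intptr_t)buf) - (ptrdiff_t)buflen;
}

/* Would an unchecked write of write_len bytes starting at buf touch target? */
static int write_reaches(const void *buf, size_t buflen,
                         const void *target, size_t write_len)
{
    ptrdiff_t gap = gap_after(buf, buflen, target);
    return gap >= 0 && write_len > buflen && (size_t)gap < write_len - buflen;
}

/* Bounded copy: the check an "improperly protected buffer" lacks.
   Returns the number of bytes stored, never more than buflen. */
static size_t bounded_copy(char *buf, size_t buflen, const char *src, size_t srclen)
{
    size_t n = srclen < buflen ? srclen : buflen;
    memcpy(buf, src, n);
    return n;
}

/* Feed constructed oversized input through the bounded copy and
   return the flag, which must still hold its initial value. */
static int flag_after_bounded_copy(void)
{
    struct session s = { {0}, 'N' };
    char input[32];
    memset(input, 'Y', sizeof input);
    bounded_copy(s.buf, sizeof s.buf, input, sizeof input);
    return s.admin_flag;
}

int main(void)
{
    struct session s = { {0}, 'N' };
    printf("gap=%td flag=%c\n", gap_after(s.buf, sizeof s.buf, &s.admin_flag),
           flag_after_bounded_copy());
    return 0;
}
```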
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].