[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rep:Rep:Re: Rep:Re: [f-cpu] Stack handling



--- Nicolas Boulay <nicolas.boulay@ifrance.com> wrote:
> Another idea for security :
> 
> One of my idea is to use a separate stack for return
> adress to avoid
> buffer overflow. But this new stack are in memory

hi,

I might be missing the point here, but why can’t we
just check the input of a program ? (like everybody
used to do in basic)
Is it so hard to check the size of something before
its put into a buffer ?

As far as i can see, this is more a problem coused by
a programmer / compiler that doesn’t check un-thruster
input data, and not a CPU “security” problem.

Even when using separate code and data stack, a
buffer overflow still course corrupted data, I can
hardly call that “secure”, and corrupted data is
very likely to crash the program anyway :-) 

jaap.


__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/