[12749] in bugtraq


Re: WordPad/riched20.dll buffer overflow

daemon@ATHENA.MIT.EDU (Glynn Clements)
Sat Nov 27 14:18:55 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <14399.63309.139000.432655@glynn.ingames.com>
Date:         Sat, 27 Nov 1999 16:22:49 +0100
Reply-To: Glynn Clements <glynn@SENSEI.CO.UK>
From: Glynn Clements <glynn@SENSEI.CO.UK>
X-To:         Christopher Rhodes <chrisr@VERIMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.9911261358400.13522-100000@bach>

Christopher Rhodes wrote:

> I think one of the major problems with the Linux implementation, and
> apparently windows too, is that no one pays attention to the added security
> provided by segmentation (at least to the point of putting the stack on a
> different segment?)

Having separate non-overlapping stack and data segments causes a great
many problems if you want to be able to write programs in C, given
that a data pointer has to be able to record the address of any
variable, regardless of whether it is static (data segment) or
automatic (stack segment).

There are workarounds (i.e. forgoing the simplicity of a flat memory
model), but these are invariably either inefficient (e.g. the "huge"
memory model found on 16-bit x86 C compilers), or not actually C (e.g.
the "near" and "far" keywords in the language-which-looks-like-C-but-isn't
that was commonly used for 16-bit x86 development).

Also, using segmentation pretty much guarantees that your OS cannot be
made to run on anything other than the x86 architecture (which is
about the worst of the bunch; no sane person would use x86 if it wasn't
for the compatibility issues).

--
Glynn Clements <glynn@sensei.co.uk>
