[12756] in bugtraq
Re: WordPad/riched20.dll buffer overflow
daemon@ATHENA.MIT.EDU (Jason Spence)
Mon Nov 29 14:45:12 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <003601bf39a2$07711580$1906aace@nexus>
Date: Sun, 28 Nov 1999 05:11:01 -0800
Reply-To: Jason Spence <thalakan@TECHNOLOGIST.COM>
From: Jason Spence <thalakan@TECHNOLOGIST.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: Glynn Clements <glynn@SENSEI.CO.UK>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Saturday, November 27, 1999 7:22 AM
Subject: Re: WordPad/riched20.dll buffer overflow
> Christopher Rhodes wrote:
>
> > I think one of the major problems with the Linux implementation, and
> > apparently windows too, is that no one pays attention to the added security
> > provided by segmentation (at least to the point of putting the stack on a
> > different segment?)
>
> Having separate non-overlapping stack and data segments causes a great
> many problems if you want to be able to write programs in C, given
> that a data pointer has to be able to record the address of any
> variable, regardless of whether it is static (data segment) or
> automatic (stack segment).
Looking through the source code some more, I see examples of this. It would
completely hose the portability of the source code too. It might be a good
exercise to get a copy of the Coriolis book, "Linux Core Kernel Commentary",
which has a bunch of these issues addressed, as well as a discussion of the
memory model problem in the back.
- Jason
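The point Glynn makes above (one C pointer type has to be able to hold the address of a static, an automatic, or a heap object, so the language cannot tell callers which segment a pointer refers to) can be seen in a few lines of C. The following is an added example and is not code from the original post or from the Linux sources it mentions; the function names `bump`, `sum_through` and `demo` are illustrative only.

```c
#include <stdio.h>
#include <stdlib.h>

/* One object in each kind of storage C distinguishes.  The static one
 * lives in the data segment; the others are created inside demo(). */
static int g_static = 10;

/* A routine written against the C abstract machine: it receives "a
 * pointer to int" and has no way to tell, and no business knowing,
 * whether that int is static, automatic or heap-allocated.  If stack
 * and data were disjoint segments, a plain int * could not serve all
 * three callers below without extra segment information. */
int bump(int *p, int by) {
    *p += by;
    return *p;
}

/* Sums through a list of pointers whose targets live in different
 * storage classes.  Code like this is routine in C (think qsort's
 * comparison callbacks or any table of pointers) and is exactly what
 * non-overlapping stack and data segments would break. */
int sum_through(int **ptrs, int n) {
    int total = 0;
    for (int i = 0; i < n; i++)
        total += *ptrs[i];
    return total;
}

/* Exercises bump() and sum_through() with one pointer into each storage
 * class and returns the final sum; resets the static so it can be
 * called repeatedly.  Returns -1 if the heap allocation fails. */
int demo(void) {
    int automatic = 20;                     /* automatic: stack segment */
    int *heap = malloc(sizeof *heap);       /* heap */
    if (heap == NULL)
        return -1;
    *heap = 30;

    /* Three addresses of the same C type, three different segments. */
    int *ptrs[] = { &g_static, &automatic, heap };

    bump(ptrs[0], 1);   /* static    -> 11 */
    bump(ptrs[1], 2);   /* automatic -> 22 */
    bump(ptrs[2], 3);   /* heap      -> 33 */

    int total = sum_through(ptrs, 3);       /* 66 */

    free(heap);
    g_static = 10;                          /* make demo() repeatable */
    return total;
}

int main(void) {
    printf("sum through mixed static/stack/heap pointers: %d\n", demo());
    return 0;
}
```

Compile with any C99 compiler (`cc -std=c99 -Wall example.c`). Nothing in the program, and nothing available to the compiler, records which of the three pointers refers to the stack: that is the portability cost Jason refers to, since a segmented layout would need every such pointer (and every API that accepts one) to carry a segment selector or be restricted to one storage class.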