[15963] in bugtraq
Re: StackGuard with ... Re: [Paper] Format bugs.
daemon@ATHENA.MIT.EDU (Dick St.Peters)
Tue Jul 25 18:36:09 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14717.38099.682694.894021@saint.heaven.net>
Date: Tue, 25 Jul 2000 13:23:31 +0000
Reply-To: "Dick St.Peters" <stpeters@NETHEAVEN.COM>
From: "Dick St.Peters" <stpeters@NETHEAVEN.COM>
X-To: "Greg A. Woods" <woods@weird.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000724183145.C17E593@proven.weird.com>
Greg A. Woods writes:
> A true fix requires something that would change the language definition
> in a more fundamental way. I think the best idea would be to revise the
> calling conventions used for functions with variable numbers of
> arguments (or perhaps all functions) and defining a new varargs/stdards
> API (complete with error handling) that can be made a part of the
> language definition such that a function can discern, at run time, the
> number of, and type of, parameters it was called with. ...
The DEC VAX had an argument count as part of the hardware architecture.
I found this argument count very useful in a stack-walking program in
about 1982 ...
Providing a would-be cracker with additional information like argument
counts (or, I'll venture, argument types) is not much of a solution.
--
Dick St.Peters, stpeters@NetHeaven.com
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region
