Message-ID: <3A8BF5ED.1C12435A@colorfullife.com>
Date: Thu, 15 Feb 2001 16:29:49 +0100
From: Manfred Spraul
To: "Eric W. Biederman"
CC: Jeremy Jackson, linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca> <3A8ADA30.2936D3B1@sympatico.ca>

"Eric W. Biederman" wrote:
>
> But the gcc bounds checking work is the ultimate buffer overflow fix.
> You can recompile all of your trusted applications, and libraries with
> it and be safe from one source of bugs.
>

    #include <string.h>

    int main(int argc, char **argv)
    {
        char local[128];
        if(argc > 2)
            strcpy(local,argv[1]);  /* unchecked copy: strcpy() never sees the 128-byte bound */
    }

Unless you modify the ABI and pass the array bounds around you won't
catch such problems, and I won't even mention unions and

    struct dyn_data {
        int len;
        char data[];    /* flexible array member: no size visible to the compiler */
    };

--
    Manfred
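Added example, not part of the message above and not gcc's bounds-checking implementation: a sketch of what "pass the array bounds around" means in C, applied to both cases from the message (the 128-byte stack buffer and struct dyn_data). The names bounded_buf, bounded_copy, copy_first_arg, dyn_alloc and dyn_set are hypothetical, and it assumes len records the capacity of data[].

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical "fat pointer": the bound travels with the address. */
struct bounded_buf { char *ptr; size_t cap; };
/* Same layout as in the message; assumption: len is the capacity of data[]. */
struct dyn_data { int len; char data[]; };

/* Returns 0 on success, -1 if src (with its NUL) does not fit in dst. */
int bounded_copy(struct bounded_buf dst, const char *src)
{
    size_t need = strlen(src) + 1;
    if (dst.ptr == NULL || need > dst.cap)
        return -1;
    memcpy(dst.ptr, src, need);
    return 0;
}

/* The body of the message's main(), with the bound of local[] passed along. */
int copy_first_arg(int argc, char **argv)
{
    char local[128];
    struct bounded_buf dst = { local, sizeof(local) }; /* bound is known only here */
    return argc > 2 ? bounded_copy(dst, argv[1]) : 0;
}

/* sizeof(struct dyn_data) excludes data[], so the bound must be runtime state. */
struct dyn_data *dyn_alloc(int len)
{
    struct dyn_data *d = len > 0 ? malloc(sizeof(*d) + (size_t)len) : NULL;
    if (d != NULL)
        d->len = len;
    return d;
}

int dyn_set(struct dyn_data *d, const char *src)
{
    if (d == NULL || d->len <= 0)
        return -1;
    struct bounded_buf dst = { d->data, (size_t)d->len };
    return bounded_copy(dst, src);
}

int main(void)
{
    char *argv_ok[] = { "prog", "short", "x", NULL }; /* constructed sample argv */
    return copy_first_arg(3, argv_ok);
}
```

The check works only because every caller builds the bounded_buf itself; code compiled against the plain char * interface still passes a bare address, which is the ABI problem the message describes.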