Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
mikie.simpson at gmail.com
Tue Aug 10 12:47:42 BST 2010
On 10 August 2010 11:04, Roland Perry <lists at internetpolicyagency.com> wrote:
> In article <C6F343320DAC194BA010FD66AD4936233924AE at home.usermgmt.local>,
> David Biggins <David_Biggins at usermgmt.com> writes
>> And that still doesn't solve the real problem, which remains in the
>> millions of lines of code out there, in standard libraries and in the
>> operating system, using the original version, and imposing the
>> vulnerability on you, every time you call them...
> Time to re-write the operating system then. As it's well past the classic
> version 3, how about getting this right in version 6? Failing that, version
> 7 :)
>>> >The second was adoption by Intel of the "top down" hardware stack
>>> Another naive question: Why not position the stack at the lower end of
>>> the memory map, so that nothing can rise up and bite it?
>> Ah - I see I haven't explained myself clearly enough.
>> The problem is not something below the stack rising to bite it. It's
>> from something "newer" on the stack (i.e. low in memory) overflowing its
>> reserved space on the stack to rise up and bite something "older" on the
>> stack (i.e. higher in memory).
> But if stacks grow downwards, how can a newer item rise upwards?
> Roland Perry
Aleph One wrote an excellent paper on this a while ago that is worth a read
"smashing the stack for fun and profit"
It might fill out the also excellent "buffer overflow in a nutshell"
that the list has been treated to in recent days.
More information about the ukcrypto