Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: X68-64 buffer overflow exploits and the borrowed code chunks exploitation technique

From: Carlos Moreno <moreno_at_mochima_dot_com@xx.xxx>
Date: Fri Oct 07 2005 - 17:53:36 CEST



tomstdenis@gmail.com wrote:



> The correct solution to the


> overall problem is just to not write code that can get into that state.


>  Use proper buffer management techniques, check inputs for validity,


> etc.



I completely disagree with this statement.  I'm not supporting


sloppy coding and the proliferation of incompetent programmers,


but...  Relying on every single programmer writing *perfect*


code, without making a single mistake *ever* has proven to be


the wrong approach.



I mean, would you oppose to hardware-based memory protection?


One could claim that "the correct solution" is to never write


code that has pointer/memory-related bugs, etc.  I get a more


peaceful sleep knowing that if I make the mistake, I get a


segfault and core dump, instead of overwriting some internal


kernel buffers.



I do relate to your "cry for better programming in the world",


I do...  and yes, I agree with the rest of your message.  But


I think the above statement is incorrect.



Carlos



--


Received on Sat Oct 15 04:38:44 2005