Xref: utzoo comp.lang.c:14461 comp.unix.wizards:13071
Path: utzoo!utgpu!watmath!clyde!att!ttrdc!levy
From: levy@ttrdc.UUCP (Daniel R. Levy)
Newsgroups: comp.lang.c,comp.unix.wizards
Subject: Re: Insecure hardware (was Re: gets(3) nonsense)
Message-ID: <3058@ttrdc.UUCP>
Date: 2 Dec 88 02:26:00 GMT
References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <14733@mimsy.UUCP>
Organization: AT&T, Skokie, IL
Lines: 16

In article <14733@mimsy.UUCP>, chris@mimsy.UUCP (Chris Torek) writes:
> I will, however, note that any number of local changes might have
> moved the address `wwww' far enough to foil the attack.  One could
> argue that, perhaps, each process should have a different view of its
> own address space.  It would certainly be easy enough to have the
> c startup code move the stack down by a pseudo-random amount....

Couldn't this cause problems in using a debugger?  With the stack location
differing from invocation to invocation, pointer values which refer to stack
locations would also differ between otherwise identical runs of a program.

-- 
|------------Dan Levy------------|  THE OPINIONS EXPRESSED HEREIN ARE MINE ONLY
| Bell Labs Area 61 (R.I.P., TTY)|  AND ARE NOT TO BE IMPUTED TO AT&T.
|        Skokie, Illinois        | 
|-----Path:  att!ttbcad!levy-----|