Xref: utzoo comp.lang.c:14461 comp.unix.wizards:13071 Path: utzoo!utgpu!watmath!clyde!att!ttrdc!levy From: levy@ttrdc.UUCP (Daniel R. Levy) Newsgroups: comp.lang.c,comp.unix.wizards Subject: Re: Insecure hardware (was Re: gets(3) nonsense) Message-ID: <3058@ttrdc.UUCP> Date: 2 Dec 88 02:26:00 GMT References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <14733@mimsy.UUCP> Organization: AT&T, Skokie, IL Lines: 16 In article <14733@mimsy.UUCP>, chris@mimsy.UUCP (Chris Torek) writes: > I will, however, note that any number of local changes might have > moved the address `wwww' far enough to foil the attack. One could > argue that, perhaps, each process should have a different view of its > own address space. It would certainly be easy enough to have the > c startup code move the stack down by a pseudo-random amount.... Couldn't this cause problems in using a debugger? With the stack location differing from invocation to invocation, pointer values which refer to stack locations would also differ between otherwise identical runs of a program. -- |------------Dan Levy------------| THE OPINIONS EXPRESSED HEREIN ARE MINE ONLY | Bell Labs Area 61 (R.I.P., TTY)| AND ARE NOT TO BE IMPUTED TO AT&T. | Skokie, Illinois | |-----Path: att!ttbcad!levy-----|