Re: How to develop a random number generation device

From: Nobody <nobody@xxxxxxxxxxx>
Date: Tue, 11 Sep 2007 17:28:32 +0100

On Tue, 11 Sep 2007 07:44:01 -0700, John Larkin wrote:

Cool. When can we expect buffer overrun exploits to be impossible
under Windows?

When it stops letting you run arbitrary machine code.

Nothing the OS does can prevent machine code from overrunning a buffer.
The only thing that the OS can do in this regard is to either restrict
what machine code you can run (e.g. cryptographic signing), and/or run
untrusted code in a heavily-restricted environment so that a buffer
overrun cannot be "exploited".

Given that:

a) this would make Windows totally incompatible with most existing
software, and
b) about the only thing that Windows has in its favour is the mass of
existing Windows software,

I don't expect this to happen any time soon.

.

Follow-Ups:
- Re: How to develop a random number generation device
  - From: No Spam
- Re: How to develop a random number generation device
  - From: krw
- Re: How to develop a random number generation device
  - From: John Larkin

References:
- Re: How to develop a random number generation device
  - From: MooseFET
- Re: How to develop a random number generation device
  - From: John Larkin
- Re: How to develop a random number generation device
  - From: MooseFET
- Re: How to develop a random number generation device
  - From: John Larkin
- Re: How to develop a random number generation device
  - From: MooseFET
- Re: How to develop a random number generation device
  - From: John Larkin
- Re: How to develop a random number generation device
  - From: John Devereux
- Re: How to develop a random number generation device
  - From: MooseFET
- Re: How to develop a random number generation device
  - From: John Devereux
- Re: How to develop a random number generation device
  - From: John Larkin

Prev by Date: Re: Auto polarity changer
Next by Date: Re: small reverse polarisation of electrolytic capacitor
Previous by thread: Re: How to develop a random number generation device
Next by thread: Re: How to develop a random number generation device
Index(es):
- Date
- Thread

Relevant Pages

[NT] Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution
... The MUP receives commands containing UNC names from ... There is proper input checking in this first buffer. ... * Microsoft Windows NT 4.0 Workstation ... the vulnerability could only be exploited by a user who could ...
(Securiteam)
Re: newbie: I/O with nasm
... BOOL ReadFile( ... BOOL WriteFile( ... Now, if Windows is what TK is looking for, we've got something to go on. ... Pointer to the buffer that receives the data read from the file. ...
(alt.lang.asm)
New Secuity Vulnerabilities
... im Moshe BA from israel a.k.a Trancer and I would like to report 4-5 ... Windows 2003 Server has a built in Command Line Interreptor (I don't ... then the attacker has FULL access to the system. ... send(s, buffer, 5000, 0); ...
(Vuln-Dev)
Re: Replacing fgets
... One more pointer is that if I use mmap it will solve my problem that is ... on SCO UNIX and on windows. ... char *buffer = 0; ... //Total Buffer Length ...
(comp.lang.c)
Re: Replacing fgets
... One more pointer is that if I use mmap it will solve my problem that is ... on SCO UNIX and on windows. ... char *buffer = 0; ... //Total Buffer Length ...
(comp.lang.c)