Re: How to develop a random number generation device



On Sep 11, 4:58 pm, John Larkin
<jjlar...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
[... buffer overflow ...]
> It sounds to me like C compilers/linkers tend to allocate memory to
> code, buffers, and stack sort of anywhere they like.

No, the problem isn't really with code mixed with data. It is data
mixed with data. The return addresses etc. are on the stack along with
the local arrays. This means that a routine can overwrite the return
address with data by walking off the end of an array. Once that
happens the return instruction jumps you to the bad code.

> Why can't at least the compilers be fixed so
> that they put all the stacks first, then the code, then all the
> buffers?

With an x86's MMU, you can make segments for code and stack and the
like that have limits on their sizes. The problems can be partly
overcome by this.

On most programs, the stack is just above the data segment in physical
memory and the malloc() obtained memory is beyond that.
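
The point made in this post (return addresses share the stack with local arrays), as an added example that is not part of the original post: a stack frame modelled as a flat byte array, with an unchecked copy beside a length-checked one. The frame layout, offsets and address values are constructed assumptions; real layouts depend on the compiler and ABI.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of one stack frame (assumed layout, for illustration):
 * bytes 0..15 local array, 16..23 saved frame pointer, 24..31 return address. */
enum { BUF_OFF = 0, BUF_LEN = 16, FP_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
#define RET_GOOD 0x0000000000401136ULL      /* constructed return address */

static void frame_init(unsigned char *frame) {
    uint64_t fp = 0x00007ffc0000e000ULL, ret = RET_GOOD;  /* constructed values */
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + FP_OFF, &fp, sizeof fp);
    memcpy(frame + RET_OFF, &ret, sizeof ret);
}

static uint64_t frame_ret(const unsigned char *frame) {
    uint64_t ret;
    memcpy(&ret, frame + RET_OFF, sizeof ret);
    return ret;
}

/* Unchecked copy: trusts the caller's length, so it walks off the end of the
 * local array into its neighbours (clamped to the model so the demo is safe). */
static void copy_unchecked(unsigned char *frame, const unsigned char *src, size_t n) {
    for (size_t i = 0; i < n && BUF_OFF + i < FRAME_LEN; i++)
        frame[BUF_OFF + i] = src[i];
}

/* Checked copy: rejects input that does not fit the local array. */
static int copy_checked(unsigned char *frame, const unsigned char *src, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(frame + BUF_OFF, src, n);
    return 0;
}

/* Returns 1 if the saved return address is unchanged after copying n bytes. */
static int ret_intact_after(int checked, size_t n) {
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    memset(input, 'A', sizeof input);       /* constructed input data */
    frame_init(frame);
    if (checked) (void)copy_checked(frame, input, n);
    else copy_unchecked(frame, input, n);
    return frame_ret(frame) == RET_GOOD;
}

int main(void) {
    for (size_t n = 16; n <= 32; n += 8)
        printf("n=%2zu unchecked intact=%d checked intact=%d\n",
               n, ret_intact_after(0, n), ret_intact_after(1, n));
    return 0;
}
```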

