Re: Is this the ultimate stack-smash fix?

From: Eric W. Biederman
Date: Wed Feb 14 2001 - 11:25:18 EST

Jeremy Jackson writes:

> Greetings. This is my first post on linux-kernel, I hope this is
> appropriate.
> The recent CERT IN-2001-01's massive repercussions and CA-2001-02's
> re-releasing old material in an attempt to coerce admins to update
> their OS, has led me to think about buffer overrun exploits. I have
> gained a new appreciation after being rooted twice this month.
> I believe there is a solution that can be implemented in the kernel
> (Linux and probably most Unix) that can prevent this type of exploit,
> has no effect on userspace code, and is minimally obtrusive for the
> kernel.

There is another much more effective solution in the works. The C
standard allows bounds checking of arrays. So it is quite possible
for the compiler itself to check this in a combination of run-time and
compile-time checks. I haven't followed up but not too long ago
there was an effort to add this as an option to gcc. If you really
want this fixed that is the direction to go. Then buffer overflow
exploits become virtually impossible.



This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 21:00:24 EST
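
The reply above points to compiler-inserted array bounds checks. The following is an added illustration, not part of the original post and not gcc's implementation: a hand-written version of the run-time check such a compiler would emit for each store. The names `bounded_buf`, `checked_store`, `checked_strcpy` and `try_copy` are hypothetical, and the `guard` field is a constructed stand-in for adjacent stack data.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical "fat pointer": base address plus object size, the
   information a bounds-checking compiler has to carry with a pointer. */
struct bounded_buf { char *base; size_t size; };

/* What an instrumented `buf[i] = c` does: refuse any index outside the
   object. Returns 0 on success, -1 on violation (a real instrumented
   binary would trap or abort at this point). */
static int checked_store(struct bounded_buf b, size_t i, char c)
{
    if (i >= b.size)
        return -1;
    b.base[i] = c;
    return 0;
}

/* String copy in which every store, including the NUL, is checked. */
static int checked_strcpy(struct bounded_buf dst, const char *src)
{
    size_t i = 0;
    do {
        if (checked_store(dst, i, src[i]) != 0)
            return -1;
    } while (src[i++] != '\0');
    return 0;
}

/* Constructed layout: an 8-byte buffer followed by a guard value. */
struct frame { char buf[8]; unsigned long guard; };

/* Returns the copy result (0 or -1), or -2 if the guard was overwritten. */
static int try_copy(const char *input)
{
    struct frame f = { {0}, 0xC0FFEEUL };
    struct bounded_buf b = { f.buf, sizeof f.buf };
    int rc = checked_strcpy(b, input);
    return f.guard == 0xC0FFEEUL ? rc : -2;
}

int main(void)
{
    printf("fits:     %d\n", try_copy("1234567"));
    printf("overlong: %d\n", try_copy("AAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```
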