Re: executable stacks, a few suggetions

Richard B. Johnson (
Wed, 16 Apr 1997 15:55:41 -0400 (EDT)

On Wed, 16 Apr 1997 wrote:
> Signed,
> Solar Designer

Please excuse me, but wasn't this whole thing started by the possibility
of someone executing a private, non intended program or function by
exploiting stack-overflow in a program that gets user input?

If so, shouldn't the proper course of action be to rewrite the user input
portion of the program so this was impossible? I see too may programs
that use gets(buffer) with buffer[] being a few hundred bytes allocated
on the stack. This is very bad coding. It's just luck that makes such
programs work.

If you prevented writing beyond the end of a buffer, no matter what got
written to the buffer will not ever cause any problems. Am I missing
something here?

Can't I send the most horrible and dangerous virii to any server
anywhere, and if it isn't executed, it does nothing?

Dick Johnson
Richard B. Johnson
Project Engineer
Analogic Corporation
Voice : (508) 977-3000 ext. 3754
Fax : (508) 532-6097
Modem : (508) 977-6870
Ftp :
Email :,
Penguin : Linux version 2.1.34 on an i586 machine (66.15 BogoMips).
Warning : I read unsolicited mail for $350.00 per hour. Supply billing address.