Re: which stack direction?

Wayne Schlitt (wayne@midwestcs.com)
12 Mar 1999 15:22:57 -0600


In <199903121945.LAA04895@bitmover.com> lm@bitmover.com (Larry McVoy) writes:
>
> > : 1) Grow toward increasing addresses. Reason in favor: This significantly
> > : reduces the probability that a user overrunning the bounds of a local
> > : array will wipe out the traceback information that goes onto the
> > : beginning of the routine's local stack segment. From experience, this
> > : sort of problem is 10 to 20 times more likely on OS-A (where the stack
> > : grows down) than OS-B (where the stack grows up).

Hmmm... Wasn't this discussed recently here, with the conclusion that
having the stack grow up doesn't help much from buffer overruns?

In order for a buffer overrun attack to work when the stack grows up,
you just have to scribble into a buffer of one of the calling
routines. This, however, is fairly common since most actual overruns
occur in libc routines like gets() or read(). The return address that
you overwrite is from the library routine, not the user routine, which
probably makes things easier for the attacker since library routines
tend to be simpler and less likely to get tripped up by overwriting
something else.

Am I missing something here?

-wayne

-- 
Wayne Schlitt can not assert the truth of all statements in this
article and still be consistent.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/