Re: Interesting coding tidbit
From: Larry Kilgallen (Kilgallen_at_SpamCop.net)
Date: 12/17/04
- Previous message: Larry Kilgallen: "Re: HP pulls out of IA64 chip development"
- In reply to: Chris Sharman: "Re: Interesting coding tidbit"
- Next in thread: Keith Cayemberg: "Re: Interesting coding tidbit"
- Reply: Keith Cayemberg: "Re: Interesting coding tidbit"
- Reply: Richard Maher: "Re: Interesting coding tidbit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 17 Dec 2004 04:12:39 -0600
In article <cpu724$7r$1$8300dec7@news.demon.co.uk>, Chris Sharman <chris.sharman@sorry.nospam> writes:
> Keith Cayemberg wrote:
>
>> John Smith wrote:
>>> http://www.research.ibm.com/trl/projects/security/ssp/
>>
>> Of course this does nothing for you if the Hacker/Cracker used GCC
>> without this extension, another language's compiler, assembler or even
>
> Am I missing something ?
> I thought this was a feature to protect your own trusted code against
> buffer overrun attacks, rather than to stop hackers compiling virii ?
Certainly you are correct. There is no protection if you give an
attacker permission to execute their own code on your machine.
> Although I agree there's no substitute for correct code, if it offers
> buffer protection it probably makes writing correct code easier.
It is important to note that this is _not_ a general GCC feature.
The cited page notes that it is _specifically_ for programs that
are written in C.
For general programming purposes, buffer overflows were conquered
years ago -- only lower level languages like C* have this problem.
- Previous message: Larry Kilgallen: "Re: HP pulls out of IA64 chip development"
- In reply to: Chris Sharman: "Re: Interesting coding tidbit"
- Next in thread: Keith Cayemberg: "Re: Interesting coding tidbit"
- Reply: Keith Cayemberg: "Re: Interesting coding tidbit"
- Reply: Richard Maher: "Re: Interesting coding tidbit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
