From: Georg Bauhaus
Date: Sun, 13 Nov 2005 12:55:39 +0100
Newsgroups: comp.lang.ada
Subject: Re: Buffer overflow Article - CACM
Message-ID: <43772913$0$21943$9b4e6d93@newsread2.arcor-online.net>
In-Reply-To: <2421265.tcOOYmdnmL@linux1.krischik.com>

Martin Krischik wrote:

> Is there an Online Version of that article? And if so: Would you mind if I
> copy/paste your Text to /. - That's only if you have no /. user yourself.

http://doi.acm.org/10.1145/1096000.1096004

The authors refer you to their site, in the final sentence of their article. If you look at their "front page", the motivation of their analyses will become clear. Please tr -d ' ' in w w w . s m a s h gu a r d . or g

Some quotes:

"One way to prevent programs from having such vulnerabilities is to write them using a language (such as Java or Pascal) that performs bound checking. However, such languages often lack the low-level data manipulation needed by some applications. Therefore, researchers have produced "more secure" versions of C that are mostly compatible with existing programs but add additional security features. Cyclone [5] is one such C-language variant. Unfortunately, the performance cost of bounds checking (reported in [5]) involves up to an additional 100% overhead."

"Dynamic protection techniques can be costly in terms of overhead, but some researchers are trying to move that functionality into faster, hardware-based protection schemes. As these techniques move from academic laboratories into mainstream software releases, computer users and software developers have become aware of what they can do, and what they can't do."