comp.lang.ada
From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Buffer overflow Article - CACM
Date: Sun, 13 Nov 2005 15:58:13 +0100
Message-ID: <87psp4a92y.fsf@mid.deneb.enyo.de>
In-Reply-To: 43772913$0$21943$9b4e6d93@newsread2.arcor-online.net

* Georg Bauhaus:

> http://doi.acm.org/10.1145/1096000.1096004
>
> The authors refer you to their site, in the final sentence of
> their article. If you look at their "front page", the motivation of
> their analyses will become clear. Please tr -d ' ' in
> w w w . s m a s h  gu a r d .  or g
>
> Some quotes:
>
> "One way to prevent programs from having such vulnerabilities is
> to write them using a language (such as Java or Pascal) that performs
> bound checking. However, such languages often lack the low-level data
> manipulation needed by some applications. Therefore, researchers have
> produced "more secure" versions of C that are mostly compatible with
> existing programs but add additional security features. Cyclone [5]
> is one such C-language variant. Unfortunately, the performance cost
> of bounds checking (reported in [5]) involves up to an additional
> 100% overhead."

The tables in that paper do not justify the 100% figure, and the paper
shows that some of the programs were incorrect, presumably because the
authors failed to include run-time bounds checks.  The "fat pointer"
approach used by Cyclone is not representative of typical compiler
implementations of bounds-checked array types, either.

> "Dynamic protection techniques can be costly in terms of overhead,

Yeah, sure.  Bounds checks are costly, so let's get rid of them and
just use obfuscation techniques to prevent code injection.  The truth
is that you have to check things at some point, and manually coded
bounds checks have been shown to be error-prone (more than
compiler-generated ones).  For most applications implicit bounds
checks are probably a win.

The authors show a profound lack of industry experience.  In
real-world Internet applications, a typical non-exploitable buffer
overflow is still a very serious defect because it affects
availability.  Shifting bugs from crash-and-control to crash-only
isn't such a tremendous improvement, especially in environments which
use multi-threading instead of multiple cooperating (but isolated)
processes.
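The point about hand-written versus compiler-generated bounds checks, shown with an added C example that is not from this post or from the papers it discusses. It builds a minimal "fat pointer" buffer (a base pointer plus a length, constructed here for illustration and not Cyclone's or any compiler's implementation) whose single checked store refuses an out-of-range index, beside a hand-copied comparison carrying the classic off-by-one that such copies accumulate. A rejected store fails closed: the caller gets a truncated count instead of a write past the end.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed fat-pointer type: every access carries the bound with it,
 * so the comparison is written exactly once (in fat_in_bounds). */
typedef struct {
    uint8_t *base;
    size_t   len;
} fat_buf;

/* The one place the bounds comparison lives. */
static bool fat_in_bounds(const fat_buf *b, size_t idx) {
    return idx < b->len;
}

/* Checked store: returns false instead of writing past the end. */
bool fat_store(fat_buf *b, size_t idx, uint8_t v) {
    if (!fat_in_bounds(b, idx)) return false;
    b->base[idx] = v;
    return true;
}

/* A hand-written check of the kind that gets re-typed at each call site.
 * It is off by one (<= instead of <), so index == len is accepted.  This
 * function only reports what the check would decide; it never writes. */
bool manual_check_accepts(size_t idx, size_t len) {
    return idx <= len;
}

/* Copy n bytes into dst through the checked store.  Returns the number of
 * bytes actually written; a short count means the input was truncated
 * rather than overflowing the buffer. */
size_t fat_copy(fat_buf *dst, const uint8_t *src, size_t n) {
    size_t i;
    for (i = 0; i < n; i++) {
        if (!fat_store(dst, i, src[i])) break;
    }
    return i;
}

/* Self-contained demonstration on a constructed 8-byte buffer.  Returns
 * the number of bytes the checked copy accepted from a 12-byte input. */
size_t demo_copy_truncates(void) {
    uint8_t backing[8] = {0};
    fat_buf b = { backing, sizeof backing };
    uint8_t src[12] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
    return fat_copy(&b, src, sizeof src);
}

int main(void) {
    uint8_t backing[8] = {0};
    fat_buf b = { backing, sizeof backing };

    printf("checked store at 7: %s\n", fat_store(&b, 7, 0xAA) ? "ok" : "rejected");
    printf("checked store at 8: %s\n", fat_store(&b, 8, 0xAA) ? "ok" : "rejected");
    printf("manual check accepts index 8 of 8: %s\n",
           manual_check_accepts(8, 8) ? "yes (off-by-one)" : "no");
    printf("checked copy of 12 bytes wrote %zu\n", demo_copy_truncates());
    return 0;
}
```

The checked path still turns an overlong input into a failure the caller has to handle, which is the post's availability point: the bug is now a truncation or an error return rather than a corrupted stack, but it is still a bug that has to be fixed.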


