From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lucio De Re
To: 9fans@cse.psu.edu
Subject: Re: [9fans] useful language extension, or no?
Message-ID: <20020718122844.M14964@cackle.proxima.alt.za>
References: , <20020717222200.7C97C19ACF@mail.cse.psu.edu> <3D35FBEB.359CA14A@null.net> <20020718121930.K14964@cackle.proxima.alt.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20020718121930.K14964@cackle.proxima.alt.za>; from Lucio De Re on Thu, Jul 18, 2002 at 12:19:31PM +0200
Date: Thu, 18 Jul 2002 12:28:47 +0200
Topicbox-Message-UUID: cfcbfb4a-eaca-11e9-9e20-41e7f4b1d025

On Thu, Jul 18, 2002 at 12:19:31PM +0200, Lucio De Re wrote:
> >
> > How is that a security problem? The stack is accessible only
> > under program control, and a programmer can do whatever he
> > wants anyway.
>
> The usual buffer overflow problem: override the stack limits, wreck
> the return address, execute the remainder (by returning to it).
>
I neglected to mention that locking the stack against execution is
a way of locking the barn door, programmers _ought_ to know better,
but the tools to _do_ better haven't been available until recently.

One wonders if one should be grateful for script kiddies :-)

++L