From mboxrd@z Thu Jan  1 00:00:00 1970
From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] useful language extension, or no?
Message-ID: <20020718165654.S14964@cackle.proxima.alt.za>
References: <20020718122844.M14964@cackle.proxima.alt.za> <200207181450.g6IEoSsJ023181@ducky.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200207181450.g6IEoSsJ023181@ducky.net>; from Mike Haertel on Thu, Jul 18, 2002 at 07:50:28AM -0700
Date: Thu, 18 Jul 2002 16:56:54 +0200
Topicbox-Message-UUID: d0ccadaa-eaca-11e9-9e20-41e7f4b1d025

On Thu, Jul 18, 2002 at 07:50:28AM -0700, Mike Haertel wrote:
> 
> Nope.  All you have to do is overwrite return addresses and
> data in the stack.  Many programs have code that can be twisted
> to your own ends if you just call it with the right parameters.
> Admittedly this requires doing a little more homework than
> just putting executable code in the stack.  But making the
> stack non-executable is not a way of "locking the barn door"
> by any means.  It's more like just closing the barn door and
> hoping nobody will notice the padlock is missing.

That's where Microsoft's "security by obscurity" argument would
acquire validity, isn't it?

++L