From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
From: "Douglas A. Gwyn"
Message-ID: <3D36CB17.D4FEC4C0@null.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
References: , <20020718121930.K14964@cackle.proxima.alt.za>
Subject: Re: [9fans] useful language extension, or no?
Date: Thu, 18 Jul 2002 14:21:07 +0000
Topicbox-Message-UUID: d0134a40-eaca-11e9-9e20-41e7f4b1d025

Lucio De Re wrote:
> The usual buffer overflow problem: override the stack limits, wreck
> the return address, execute the remainder (by returning to it).

But that is independent of whether the original program generated
code on the stack. It's merely a matter of whether the stack lies
in an address space compatible with instruction space. On a split
I/D-space system, or one where pages do support X bits, code cannot
run on the stack. Anyway, buffer overruns would be a security
problem anyway, even if one could not add code, because state
variables can be changed in unplanned ways. One of the early such
exploits merely set the "password was valid" flag.
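
An added illustration of the last point in the message above (not part of the original post, and not code from either correspondent): an unchecked copy into a buffer that sits next to a state flag changes the flag without any code being injected, while a length-checked copy leaves it alone. The struct layout and the names `login`, `password_valid`, `copy_unchecked`, `copy_checked` and `flag_after_input` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: an input buffer directly followed by a state flag. */
struct login {
    char buf[8];
    int  password_valid;
};

/* No bounds check against buf. Writes go through a byte pointer to the whole
 * struct and stop at its end, so the spill into the neighbouring field is
 * well-defined C here; it models the overrun without smashing a real stack. */
static void copy_unchecked(struct login *s, const char *in, size_t n)
{
    unsigned char *base = (unsigned char *)s;
    size_t off = offsetof(struct login, buf);
    for (size_t i = 0; i < n && off + i < sizeof *s; i++)
        base[off + i] = (unsigned char)in[i];
}

/* Hardened copy: reject input that does not fit in buf with its NUL. */
static int copy_checked(struct login *s, const char *in, size_t n)
{
    if (n >= sizeof s->buf)
        return -1;
    memcpy(s->buf, in, n);
    s->buf[n] = '\0';
    return 0;
}

/* Returns 1 if the flag is set after the input is handled, else 0. */
int flag_after_input(const char *in, size_t n, int checked)
{
    struct login s;
    memset(&s, 0, sizeof s);
    if (checked)
        (void)copy_checked(&s, in, n);
    else
        copy_unchecked(&s, in, n);
    return s.password_valid != 0;
}

int main(void)
{
    const char in[] = "AAAAAAAAAAAA"; /* constructed 12-byte input */
    printf("unchecked=%d checked=%d\n", flag_after_input(in, 12, 0), flag_after_input(in, 12, 1));
    return 0;
}
```

A non-executable stack or split I/D space would not change the unchecked result, since only data is overwritten.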