[PLUG] First JPEG virus is out there
Randal L. Schwartz
merlyn at stonehenge.com
Wed Sep 29 05:11:22 UTC 2004
>>>>> "Steve" == Daggett, Steve <Steve.Daggett at fiserv.com> writes:
Steve> `smash the stack` [C programming] n. On many C implementations
Steve> it is possible to corrupt the execution stack by writing past
Steve> the end of an array declared auto in a routine. Code that does
Steve> this is said to smash the stack, and can cause return from the
Steve> routine to jump to a random address. This can produce some of
Steve> the most insidious data-dependent bugs known to mankind.
Steve> Variants include trash the stack, scribble the stack, mangle
Steve> the stack; the term mung the stack is not used, as this is
Steve> never done intentionally. See spam; see also alias bug,
Steve> fandango on core, memory leak, precedence lossage, overrun screw.
And virtually impossible in OpenBSD now, thanks to W^X, randomized
stack pointers, sentry elements on the stack, and randomized order of
dynloading.
Yeay, OpenBSD. Helping me sleep at night once again.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
More information about the PLUG
mailing list