A good article about vulnerabilities

Discussion in 'C Programming' started by jacob navia, Oct 23, 2004.

  1. jacob navia

    jacob navia Guest

    "Code injection in C and C++: A survey of vulnerabilities and
    Countermeasures" by Younan, Joosen and Piessens (July 2004)

    http://www.cs.kuleuven.ac.be/publicaties/rapporten/cw/CW386.pdf

    This is a very good review of the current stand in this field.
    All problems are described, and the different solutions to them
    are reviewed. Recommended
    jacob
     
    jacob navia, Oct 23, 2004
    #1

  2. Chris Torek

    Chris Torek Guest

    In article <news:417a42ee$0$1010$>
    jacob navia wrote:
    >"Code injection in C and C++: A survey of vulnerabilities and
    >Countermeasures" by Younan, Joosen and Piessens (July 2004)
    >
    >http://www.cs.kuleuven.ac.be/publicaties/rapporten/cw/CW386.pdf
    >
    >This is a very good review of the current stand in this field.
    >All problems are described, and the different solutions to them
    >are reviewed. Recommended


    This paper needs at least a little bit of review and work. For
    instance, on p. 53, line 2, it says "the processor must not write"
    when they mean "need not" or "does not". (Register windows get
    written whenever they overflow, which can happen due to hardware
    interrupts, among other things, so the timing of writes is not
    predictable in advance and "must not" is clearly the wrong phrase.)
    Elsewhere, they use the phrase "implicit cast" (there is no such
    thing, of course -- what they mean is that signed integers are
    *converted* to unsigned values by adding Utype_MAX+1 to them, giving
    rise to large positive numbers), and I spotted a sentence fragment.

    I would also never dare to make the claim that "all" problems
    are described, and from my (not very thorough) reading, neither
    do they.
    --
    In-Real-Life: Chris Torek, Wind River Systems
    Salt Lake City, UT, USA (40°39.22'N, 111°50.29'W) +1 801 277 2603
    email: forget about it http://web.torek.net/torek/index.html
    Reading email is like searching for food in the garbage, thanks to spammers.
     
    Chris Torek, Oct 23, 2004
    #2
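
Added example (not part of the thread or of the paper it discusses): the signed-to-unsigned conversion described in post #2, shown with `unsigned int` (adds `UINT_MAX + 1`) and `size_t`, alongside a length check that the conversion defeats and a corrected one. The function names and `BUF_SIZE` are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* constructed buffer size for this example */

/* The conversion rule itself: a negative int becomes value + UINT_MAX + 1. */
static unsigned int to_unsigned(int v) { return (unsigned int)v; }

/* Flawed check: len is signed, so a negative len passes the upper-bound test.
 * Returns the byte count memcpy() would be handed, or 0 if rejected.
 * No copy is performed; the point is the value after conversion. */
static size_t flawed_copy_len(int len)
{
    if (len > BUF_SIZE)
        return 0;
    return (size_t)len;  /* same conversion memcpy's size_t parameter applies */
}

/* Hardened check: reject negatives before any conversion to an unsigned type. */
static int safe_copy(char *dst, size_t dst_size, const char *src, int len)
{
    if (len < 0 || (size_t)len > dst_size)
        return -1;
    memcpy(dst, src, (size_t)len);
    return 0;
}

int main(void)
{
    char buf[BUF_SIZE];
    printf("-1 as unsigned: %u (UINT_MAX = %u)\n", to_unsigned(-1), UINT_MAX);
    printf("flawed check passes len=-1 as %zu bytes\n", flawed_copy_len(-1));
    printf("safe_copy(len=-1) -> %d\n", safe_copy(buf, sizeof buf, "abc", -1));
    printf("safe_copy(len=3)  -> %d\n", safe_copy(buf, sizeof buf, "abc", 3));
    return 0;
}
```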
