C/C++ compilers have one stack for local variables and return addresses and then another stack for array allocations on the stack


Casey Hawthorne

One of the buffer overrun problems seems to be overwriting the return
address on the stack, so as to execute your own code.

C/C++ compilers have one stack for local variables and return
addresses and then another stack for array allocations on the stack.

Keith Thompson

Casey Hawthorne said:
One of the buffer overrun problems seems to be overwriting the return
address on the stack, so as to execute your own code.

C/C++ compilers have one stack for local variables and return
addresses and then another stack for array allocations on the stack.

Was there a "should" missing from that sentence?

Seebs

Was there a "should" missing from that sentence?

This would be a very interesting way to turn a false statement into a
false statement, even assuming we grant semantic coherence.

Since C and C++ compilers often have noticeably different ways of
interacting with the environment, it's not necessarily safe to treat
them interchangeably. In particular, I suspect the much more elaborate
range of things that "local variables" contain in C++ creates a substantial
additional risk.

But! There is also the trivia point that a local variable of any type
can have its address taken and be treated as an array of one object of
that type, and I suspect at least some attacks have used that vector. Not
nearly as many, to be sure.

But ultimately, I don't think I buy the argument that this provides
substantial protection. I'm a lot more interested by, say, marking the
stack area as non-executable, which does a pretty good job of solving
things.

Just pragmatically, doing this would dramatically increase implementation
costs, especially on the systems which DO have a native "stack" implemented
by the CPU, because on those systems, keeping track of the second stack would
be much more expensive than keeping track of the first one. Even in
general, though, I don't think this would pay off particularly well.

-s

Flash Gordon

Keith said:
Was there a "should" missing from that sentence?

Probably.

To the OP (since Keith knows this), the implementation is allowed to
have as many separate stacks (or other structures) for different things
as it likes. Some implementations do clever things to protect against
buffer overflow exploits of this type.
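The "separate stack for arrays" idea the thread is arguing about does exist in practice: Clang's SafeStack (-fsanitize=safe-stack) moves address-taken buffers onto a second, per-thread stack so that return addresses and the buffers that overrun never share a region. Below is an added example, not code from anyone in this thread, with a hand-rolled toy version of that split: a static region that holds only arrays, a bump allocator for it, and a per-buffer guard byte (my own addition, not something SafeStack does) so the overrun can be observed from plain C without undefined behaviour. It shows what the separation buys and what it does not: an unbounded strcpy still clobbers the neighbouring array's data, it just no longer reaches control-flow data, so the real fix remains the bounded copy. All names (array_stack_push, overrun_report, copy_name_bounded) and the 4096-byte region size are made up for the demonstration.

```c
/*
 * Added example: a toy "second stack" for arrays, in the spirit of the OP's
 * proposal and of Clang's SafeStack. The guard byte per buffer is this
 * example's own addition so that an overrun is detectable without UB.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_STACK_BYTES 4096   /* assumed size for the demo */
#define GUARD_VALUE 0xA5u

/* Region holding only array objects. Return addresses, saved registers and
 * scalar locals live on the native CPU stack, which is nowhere near this. */
static unsigned char array_stack[ARRAY_STACK_BYTES];
static size_t array_stack_top = 0;

/* Push an n-byte buffer followed by one guard byte. NULL if out of room. */
static unsigned char *array_stack_push(size_t n)
{
    if (n + 1 > ARRAY_STACK_BYTES - array_stack_top)
        return NULL;
    unsigned char *buf = array_stack + array_stack_top;
    buf[n] = GUARD_VALUE;
    array_stack_top += n + 1;
    return buf;
}

/* Pop a buffer (LIFO order); returns 1 if its guard byte survived, else 0. */
static int array_stack_pop(unsigned char *buf, size_t n)
{
    int intact = (buf[n] == GUARD_VALUE);
    array_stack_top = (size_t)(buf - array_stack);
    return intact;
}

/* The actual fix: refuse anything that does not fit with its terminator.
 * Returns 1 on success, 0 if src is too long for cap bytes. */
int copy_name_bounded(unsigned char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len >= cap)
        return 0;
    memcpy(dst, src, len + 1);
    return 1;
}

/* Push a 16-byte name buffer, then a 16-byte neighbour filled with 'N',
 * copy src into the name buffer, and report what the copy hit:
 *   bit 0: the name buffer's guard byte was overwritten
 *   bit 1: the neighbouring array's contents were overwritten
 * bounded == 0 uses a plain strcpy (the classic bug); bounded != 0 uses
 * copy_name_bounded and returns -1 when src was rejected as too long. */
int overrun_report(const char *src, int bounded)
{
    unsigned char *name = array_stack_push(16);
    unsigned char *neighbour = array_stack_push(16);
    if (name == NULL || neighbour == NULL)
        return -2;
    memset(neighbour, 'N', 16);

    int rejected = 0;
    if (bounded)
        rejected = !copy_name_bounded(name, 16, src);
    else
        strcpy((char *)name, src);   /* BUG: no length check */

    int hit = 0;
    for (size_t i = 0; i < 16; i++)
        if (neighbour[i] != 'N') { hit |= 2; break; }
    array_stack_pop(neighbour, 16);
    if (!array_stack_pop(name, 16))
        hit |= 1;
    return rejected ? -1 : hit;
}

int main(void)
{
    /* Constructed inputs: 5, 16 and 20 characters. */
    static const char *inputs[] = {
        "Alice", "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAAAAAA"
    };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s unbounded=%d bounded=%d\n", inputs[i],
               overrun_report(inputs[i], 0), overrun_report(inputs[i], 1));
    return 0;
}
```

A 16-character name overruns by exactly the terminator and so only hits the guard; a 20-character one also lands in the neighbouring array. Neither case touches anything on the native stack, which is Casey's point, but the corrupted neighbour is still a memory-safety bug an attacker can use, which is Seebs' point: the split changes what gets overwritten, not whether.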