Jump to content

Talk:Stack buffer overflow

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by SineBot (talk | contribs) at 19:40, 8 April 2008 (Signing comment by Gthubron - ""). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The following phrase from the article is IMO suboptimal:

"This works because the execution never actually vectors to the stack itself.".

Even if "vectors" would be a verb that could be used that way (is it?), it feels very awkward to me. A more direct explanation without resorting to symbolisms would be better. Unfortunately I wasn't able to rephrase it in a more succint way :-/ —Preceding unsigned comment added by 193.247.120.15 (talk) 22:22, 11 September 2007 (UTC)[reply] 


Still if used in conjunction with techniques like ASLR a nonexecutable stack can be somewhat resistant to return to libc attacks and thus can greatly improve the security of an application.

Given that ASLR protection has been shown to be effectively rendered useless in a few minutes (http://www.cse.ucsd.edu/~hovav/papers/sppgmb04.html), the above statement seems to be misleading -- Prashmohan 10:35, 31 October 2007 (UTC)[reply]



The example code actually uses the second command line argument to the program since arrays in C are zero based and the index 1 is used. —Preceding unsigned comment added by Gthubron (talkcontribs) 19:39, 8 April 2008 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Stack_buffer_overflow&oldid=204282970"