Talk:Stack buffer overflow

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing
???	This article has not yet received a rating on Wikipedia's content assessment scale.
???	This article has not yet received a rating on the project's importance scale.

A fact from Stack buffer overflow appeared on Wikipedia's Main Page in the Did you know column on 19 August 2007. A record of the entry may be seen at Wikipedia:Recent additions/2007/August.

Wikipedia

The following phrase from the article is IMO suboptimal:

"This works because the execution never actually vectors to the stack itself.".

Even if "vectors" would be a verb that could be used that way (is it?), it feels very awkward to me. A more direct explanation without resorting to symbolisms would be better. Unfortunately I wasn't able to rephrase it in a more succint way :-/ —Preceding unsigned comment added by 193.247.120.15 (talk) 22:22, 11 September 2007 (UTC)[reply]

Still if used in conjunction with techniques like ASLR a nonexecutable stack can be somewhat resistant to return to libc attacks and thus can greatly improve the security of an application.

Given that ASLR protection has been shown to be effectively rendered useless in a few minutes (http://www.cse.ucsd.edu/~hovav/papers/sppgmb04.html), the above statement seems to be misleading -- Prashmohan 10:35, 31 October 2007 (UTC)[reply]

The example code actually uses the second command line argument to the program since arrays in C are zero based and the index 1 is used. —Preceding unsigned comment added by Gthubron (talk • contribs) 19:39, 8 April 2008 (UTC)[reply]