Jump to content

Talk:Stack buffer overflow

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by TinucherianBot (talk | contribs) at 15:13, 1 March 2009 (WP:CSEC Tagging ! ( FAQ ) (Plugin++) Added {{WikiProject Computer Security}}.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconComputer security: Computing Unassessed
WikiProject iconThis article is within the scope of WikiProject Computer security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer securityWikipedia:WikiProject Computer securityTemplate:WikiProject Computer securityComputer security
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
Things you can help WikiProject Computer security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.
WikiProject iconComputing: Security Unassessed
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer security.
Things you can help WikiProject Computer security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.

The following phrase from the article is IMO suboptimal:

"This works because the execution never actually vectors to the stack itself.".

Even if "vectors" would be a verb that could be used that way (is it?), it feels very awkward to me. A more direct explanation without resorting to symbolisms would be better. Unfortunately I wasn't able to rephrase it in a more succint way :-/ —Preceding unsigned comment added by 193.247.120.15 (talk) 22:22, 11 September 2007 (UTC)[reply] 


Still if used in conjunction with techniques like ASLR a nonexecutable stack can be somewhat resistant to return to libc attacks and thus can greatly improve the security of an application.

Given that ASLR protection has been shown to be effectively rendered useless in a few minutes (http://www.cse.ucsd.edu/~hovav/papers/sppgmb04.html), the above statement seems to be misleading -- Prashmohan 10:35, 31 October 2007 (UTC)[reply]



The example code actually uses the second command line argument to the program since arrays in C are zero based and the index 1 is used. —Preceding unsigned comment added by Gthubron (talkcontribs) 19:39, 8 April 2008 (UTC)[reply]

WARNING: In the images describing stack, in my opinion char *bar should be below return address (feel free to update images). bar* is pushed before call, so RET adress is "above". —Preceding unsigned comment added by 91.135.176.215 (talk) 13:49, 5 January 2009 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Stack_buffer_overflow&oldid=274155516"