Re: [SLUG] From PC Magazine...

From: Eric Jahn (eric@ejahn.net)
Date: Mon Jul 28 2003 - 15:14:14 EDT


Thanks, but what about a program trying to allocate more data than there
is space for could allow a vulnerability which could incapacitate the
whole system? Shouldn't any operating system stop this? I know that
buffer overflows are a big problem in any operating system, but why?

On Mon, 2003-07-28 at 14:39, Andrew M Hoerter wrote:
> On 28 Jul 2003, Eric Jahn wrote:
>
> > some code to exploit this vulnerability. Exactly what about a buffer
> > overflow renders a machine so open to hacking? Are buffer overflows not
> > a problem in Java because you don't manipulate pointers as in C++ or C?
>
> There are a few different types of attacks classified under "buffer
> overflows", but the bottom line is that they allow arbitrary (i.e. evil)
> code to be executed on the target machine. The possibilities are
> limitless from there, since the bad guy now has total control over your
> system.
>
> Java does array bounds checking at runtime to help prevent these attacks
> (and the sandbox security model offers additional protections as well,
> to guard against malicious applets).
>



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:59:58 EDT