TalkBack 43 of 166:
...
"How does hardware know the buffer size?"
It does not.

"I guess if the architecture separates the data stack from the executable code stack you'd be ok."
It does.

"(But I would not want to rely on this mechanism)"
And why not?

"But, still, if I allocate a chunk of memory, how does the hardware know if I want to write data or executable code to that block of memory?"
Because the OS tells it when the page tables are initialized. A special bit in the page table privilege mask informs the MMU as to whether or not the memory page is executable. If it is not, no code may be run off that page, and the result is an access violation. Look up Data Execution Prevention.

"It is the programmer's responsibility to write good code."
Obviously, which is why one of the solutions is to not make the mistake in the first place.

"Buffer overflows are not a new phenomenon."
Obviously.

"Some OS's are better at providing protection against these types of attacks"
All modern OS's implement memory protections. No OS can protect against a buffer overflow without either emulating the code, monitoring the code, rewriting the code, or using hardware features.

"I also disagree about the speed comment, as properly structured code tends to run quite well."
Yes. But we're not talking about properly structured code--we're talking about already bad code that you claim the OS has to fix. But the OS cannot fix it without either hardware support or drastic slowdowns.

"The fastest code in the world doesn't matter if it is buggy or causes problems."
Not true. Consider the time wasted by a slower browser versus the value of the info on your computer. For many people, a fast, insecure browser is better than a slow, secure browser for this very issue--they can't or don't want to wait.

"Just how fast does a browser need to be anyway? You still spend more time waiting for the HTML to be served to the browser than anything else."
Not really. I'm on broadband. About 10% of the time, I'm waiting on the rendering engine, not the web server. How can I tell? Zero network traffic and 100% CPU usage.
Posted by: PeregrineFalcon   Posted on: 09/09/05