
Re: [News] Linux Protection Against Buffer Overflow-based Vulnerabilities

Roy Schestowitz wrote:


>> But now we know all buffers can be dynamic, there are many examples of
>> such classes around. If the environment isn't time/space critical, there
>> is no real reason why statics can not be dynamic too. So really there
>> isn't an excuse for buffer overflows any more, just a matter of finding
>> the old ones still hidden away in a lib somewhere. There certainly is no
>> excuse for buffer overflow on interfaces because these should be ring
>> buffers anyway.
> 
> 
> The question is: is the dynamic nature predictable? Maybe that's the
> reason Microsoft thinks about BIOS... system clock for
> randomisation/seeding?
> 
> 

Yes and no. (How's that for straddling a fence?)

Even being dynamic you have to calculate worst cases, particularly if you
are working with high speed comms (because of course you may not have CPU
time for the dynamic allocation itself), then you add the pessimist's
percentage (mine is large).

Dynamic/ring buffer sizes can be calculated at run time to a large extent.
Maximum capabilities of a device can be used to predict best block sizes
needed or even if with available CPU speed whether to double buffer with a
ring and a dynamic is needed.

But remember that ring buffers should be being used on interfaces/services
anyway and certainly for high speed work, so no overrun is possible.

I worry about pulling the BIOS out and letting the OS people dive on it. But
at the same time a BIOS that is closer to the OS that is running must be a
good thing. It's just that the BIOS isn't really as low an interface to
hardware as many imagine; BIOS calls, such as file, memory, hardware
prodding, are far in advance of the old DOS days. You could write very good
comms software for example with just an assembler and BIOS calls on a
standard PC, no OS necessary, interface with the user, the screen, comms
ports, print outs, save the data to the drives etc. It's all there and has
been very successful for years.

The main worry I think is that the mobo designers might have to slow their
advances, because each advance will call for a change in the OS instead of
just the BIOS caps.
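
An added example, not part of the original post: a C ring buffer whose capacity is computed at run time from a device's maximum rate, a worst-case service delay and a safety margin, and whose writes are bounded so excess input is counted as dropped instead of running past the allocation. All names (`ring_size_for`, `ring_init`, `ring_put`, `ring_get`) and the sizing formula are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; illustration only. */
struct ring {
    uint8_t *data;
    size_t cap;        /* capacity, must be a power of two */
    size_t head, tail; /* total bytes ever written / ever read */
    size_t dropped;    /* bytes refused because the ring was full */
};

/* Worst case: the device runs flat out while the consumer is away for
 * worst_ms; add margin_pct on top, then round up to a power of two. */
size_t ring_size_for(size_t max_bytes_per_sec, size_t worst_ms, size_t margin_pct) {
    size_t need = (max_bytes_per_sec * worst_ms + 999) / 1000;
    need += (need * margin_pct + 99) / 100;
    size_t cap = 1;
    while (cap < need) cap <<= 1;
    return cap;
}

int ring_init(struct ring *r, size_t cap) {
    r->data = malloc(cap);
    r->cap = cap;
    r->head = r->tail = r->dropped = 0;
    return r->data ? 0 : -1;
}

/* Copy in at most the free space; the index is masked on every byte, so a
 * write can never land outside data[0..cap-1]. Returns bytes accepted. */
size_t ring_put(struct ring *r, const uint8_t *src, size_t n) {
    size_t space = r->cap - (r->head - r->tail);
    size_t take = n < space ? n : space;
    for (size_t i = 0; i < take; i++)
        r->data[(r->head + i) & (r->cap - 1)] = src[i];
    r->head += take;
    r->dropped += n - take;
    return take;
}

/* Copy out at most what is stored. Returns bytes delivered. */
size_t ring_get(struct ring *r, uint8_t *dst, size_t n) {
    size_t used = r->head - r->tail;
    size_t take = n < used ? n : used;
    for (size_t i = 0; i < take; i++)
        dst[i] = r->data[(r->tail + i) & (r->cap - 1)];
    r->tail += take;
    return take;
}
```

A non-zero `dropped` count means the worst-case estimate was too small for the traffic seen; the data is lost, but memory outside the buffer is never touched.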

