måndag 04 oktober 2004 14:25 skrev Anders Johansson:
I'm not sure what you're saying here. It sounds like "it's more difficult in windows, but it's more difficult in open source"
What I'm saying is, very simple ... it's the question of "gun control". An old debate, on who is responsible. Well, in the gun control there's a saying that it's the man holding the gun, that is responsible for the damage made by the gun. Not the gun, by itself. However, some people wish to extend this to mean ... that if it isn't ME that actually pulls the trigger, than I am in the clear. Not true ... if I give a gun, to a person with significantly low intellect and then show him how to use it, and urge him to ... than I am, in fact, responsible for the damage made. To put this in the script kiddie case, the script kiddie is someone who doesn't have the knowledge of how to use it ... he gets the code, the info and the knowledge, and then he pulls the trigger. And I'm saying, you can't blame the script kiddie for his low intellect ... you can blame the employee that made the information available to him, for criminal neglegance.
It's a little more complicated than that. Google around for "heap overflow".
Actually, it's JUST as simple as that. Unless you are trying to tell me that there's a problem with how the memory controlling routines are implemented in linux. In which case, it's a serious ... yes, serious flaw in the linux kernel. And I'm well aware of some of the drawbacks on how i386 CPU's handle segments, but those drawbacks should have vanished a long long time ago, as far as I know as the segment should be handled by a true memory controller of all post pentium CPU's (again, as far as I know). The data allocated by a program, and the program code itself ... should not be within the same segment. Ok, let's say you got a program that needs 40 Megabytes of consequtive memory. But the system is heavily loaded, and there is no 40 Megabytes of consequtive memory blocks. To my knowledge, modern theory of operation says that you can have several segments and when a program writes beyond one segment, the kernel should receive an interrupt, giving it the opportunity of changing the segment of the next consequtive block. Meaning, simply, that you see the memory as consequtive, but it isn't in reality, this is also known as Virtual Memory. Thus, there should never exist the possibility that you could write beyond the segment you have allocated and certainly never into program occupied memory... unless there's a serious flaw in the handling of the heap, in which case, you need to have extensive knowledge of that case to be able to utilize it ... irrespective of who you get to pull the trigger.