This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Buffer Overflow Attacks
- To: Frank Pilhofer <fp at fpx dot de>
- Subject: Re: Buffer Overflow Attacks
- From: Carlo Wood <carlo at alinoe dot com>
- Date: Sun, 14 Oct 2001 16:33:05 +0200
- Cc: gcc at gcc dot gnu dot org
- References: <20011014140920.A657@rose.fpx.de>
On Sun, Oct 14, 2001 at 02:09:20PM +0200, Frank Pilhofer wrote:
> So basically, I am wondering if the compiler could do something to
> blunt buffer overflow attacks. I know, that is not the prime purpose
> of the compiler but rather the responsibility of the programmer, but
> still I find it an attractive idea as a one-step fix for all such
> exploits.
Because of this, complete new languages have been designed (Java and C#),
which - as a result of that - are considerably slower. I don't think that
a C/C++ compiler should sacrifice memory and/or cpu time to this. And as
you said yourself, it wouldn't make much sense unless the large
distributions make use of it; so a compile option is not an option - we're
talking about a change to the default here.
--
Carlo Wood <carlo@alinoe.com>