[lug] Security notice and Ramen
rm at mamma.varadinet.de
rm at mamma.varadinet.de
Wed Jan 24 10:52:20 MST 2001
On Tue, Jan 23, 2001 at 05:03:28PM -0700, D. Stimits wrote:
> Sean Reifschneider wrote:
> >
> > On Tue, Jan 23, 2001 at 03:20:00PM -0700, D. Stimits wrote:
> > >A big part of making buffer overflow popular is because of functions
> > >that expect a NULL-terminated string (i.e., sprintf/sscanf and friends
> >
> > I'd really love to see some network services written in Python or Perl.
> > You have to be careful to prevent somone from sending a huge string
> > without a newline, thus using as much RAM as possible, but it shouldn't
> > be possible to do any buffer overflow attacks.
>
> A similar scenario for some of the C++ STL containers. I could imagine
> someone trying to buffer overflow a std::string for someone with a 56k
> modem. They'd be sending one string for all day and night, wondering why
> it wasn't overflowing yet.
>
The way to do it is to use comression and have the receiver decompress
it (many browsers will do on-the-fly-decompression if given the right
mimetype):
% dd if=/dev/zero bs=1024 count=5000 > /tmp/ups.txt
% ls -l /tmp/ups.txt
-rw-rw-r-- 1 ralf users 5120000 Jan 24 18:49 /tmp/ups.txt
% gzip /tmp/ups.txt
% ls -l /tmp/ups.txt.gz
-rw-rw-r-- 1 ralf users 5003 Jan 24 18:49 /tmp/ups.txt.gz
;-)
Ralf
More information about the LUG
mailing list