On Saturday, 12 בNovember 2005 01:32, Gilboa Davara wrote: > > About buffer overflow: you are missing the point. You are not > > overflowing the host stack, but the VMs one. This actually is good > > thing from that point of view. > > Um.... and once I did that, what prevents me from generating a code > that will cause the vm to delete the c:\boot.ini file?
I'm not sure what the MS guys are doing, but if I were them I would run the networking code with no file system permissions. The up side of running everything in a VM(*) is that you don't have to link in file system operations for a program that isn't supposed to use them, so even if you buffer overflow the program you can't cause it to do stuff that it isn't supposed to be doing. (*) the .Net VM isn't really a VM. Its more like a virtual virtual machine (the virtual machine itself is virtual) - the .Net spec call for everything to be JITed and cached. -- Oded ::.. BSOD (n.) : Blue Screen Of Death, a feature seen in most MS products. Due to errors in BSOD, a system is likely to crash after displaying it. ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
