hi, the fact that the program segfaulted is itself a protection method used by the kernel. if the program executing is user mode tries to access memory outside its assigned memory, it is explicitly killed by the kernel and this is known as segmentation fault. the C compiler does not do any array bound checking, and if the array bound is breached an overflow occurs and the result is unpredictable. int i; buff[10]; consider the above code, the variable i can be changed indirectly by assigning to buff[11] or buff[12] ( in older versions of GCC, with the latest ones there seems to be some more space left vacant between i and the space for the array elements) , this is also an example of buffer overflow, but the kernel has no role here because the program has done nothing wrong with respect to the kernel. There are other tools for detecting these sort of issuess. there have been instances of overflows been detected but the linux model of development makes sure that they are plugged immediately. regards justin
Kladizkov001 <[EMAIL PROTECTED]> wrote: Is debian sarge safe from buffer overflow? Iam studying about buffer overflow and wrote a program. It works while debugging in gdb. But it fails and causes segmentation fault while executing directly from terminal. Is there any protection in kernel. If so, which kernel doesn't got the protection? kladizkov _______________________________________________ Mailinglist mailing list [email protected] http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org --------------------------------- Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. -------------- next part -------------- An HTML attachment was scrubbed... URL: /pipermail/mailinglist_ilug-cochin.org/attachments/20050505/3dd884d5/attachment.htm From [EMAIL PROTECTED] Thu May 5 19:54:33 2005 From: [EMAIL PROTECTED] (Zaheer Mohamed Kozhakkaniyil) Date: Thu May 5 19:54:42 2005 Subject: [Mailinglist] OpenOffice.org Message-ID: <[EMAIL PROTECTED]> An HTML attachment was scrubbed... URL: /pipermail/mailinglist_ilug-cochin.org/attachments/20050505/7f652b77/attachment.htm From [EMAIL PROTECTED] Thu May 5 20:32:15 2005 From: [EMAIL PROTECTED] (Sameer Thahir) Date: Thu May 5 20:32:18 2005 Subject: [Mailinglist] DEBIAN SARGE FROZEN!!!! In-Reply-To: <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Dear Ilug members the wait is finally over .. the worlds most awaited OS is now ready for some action!! DEBIAN GNU/LINUX SARGE HAS BEEN FROZEN.. heres the may 3 report on slashdot.org ------------------------------------------------------ Sarge is Now Frozen Debian Posted by timothy on Tuesday May 03, @07:10PM from the chill-yo dept. JoeBuck writes "Steve Langasek has announced that Debian Sarge is now frozen. He produced a schedule that would lead to a Debian release at the end of May, though I would expect it to slip somewhat. I'm glad that the long wait for a Debian release will soon be over." ------------------------------------------------------ heres the message that announced the freeze on debian mailing list... ====================================================== * To: [EMAIL PROTECTED] * Subject: Release update: editorial changes to the testing propagation scripts * From: Steve Langasek <[EMAIL PROTECTED]> * Date: Tue, 3 May 2005 12:46:32 -0700 * Mail-followup-to: [EMAIL PROTECTED] * Message-id: <[EMAIL PROTECTED]> * Old-return-path: <[EMAIL PROTECTED]> * User-agent: Mutt/1.5.6+20040907i Hello world, Anthony Towns has committed a minor change to the britney script which manages updates of packages to testing, and as a result packages are no longer being accepted into testing without hand-approval by a member of the release team. Wait, that didn't come out quite right. Let's try again. Sarge is now frozen! Wheeeeeee!!! Thanks are due to everyone who has helped get us to this point: in particular our ftpmasters, Anthony Towns, James Troup, and Ryan Murray, for their continued dedication which has made it possible for mortals to wrangle behemoths such as the 9,000-package sarge; our co-wranglers, the release assistants Andreas Barth, Frank Lichtenheld, and Joey Hess; and you, gentle maintainer, for your support and patience. For those maintainers whose packages were unprepared for a freeze at this moment (the process has, after all, been a long one), you still have one last opportunity to get things into shape if there are any remaining important problems. Read on.... ===================================================== read that at http://lists.debian.org/debian-devel-announce/2005/05/msg00001.html i think we can expect the final official isos by may end... bye sameer Sameer Mohamed Thahir ([EMAIL PROTECTED]) __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
