Party Vibe

Register

Welcome To

How security flaws work: Buffer overflows

Forums Life Computers, Gadgets & Technology How security flaws work: Buffer overflows

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • I now have something to read and learn while eating lunch.

    it is a good simple explanation of how memory mapping / buffers / stacks work; which I only just about understand in spite of growing up in the era when folk still often coded in assembler.

    The only thing I’d disagree with is blaming C for being the cause of this; although C will indeed let you screw up badly (so can assembler) the way to avoid this is proper software testing and development rather than rushing everything to market half-tested.

    this is the sort of things that could happen “back in the day”.

    the worst part of this is I can’t even work out where my (8080 asm) code went wrong as I stored the source on the disk image below; although I suspect what I did wrongly was set the stack pointer to the bottom rather than top of the stack (as the stack is upside down); which would be the start of the program code

    I then mistyped the BDOS function number so instead of “write this character to the console” it was “write the block pointed to in HL directly across the disk”.

    I then forgot that HL is often clobbered by a BDOS call and didn’t put it on the stack..

    so what happened was the code ran once; after CALL BDOS the RET sent it back to 0x100 and ran again (HL is now wild and could point to any random stuff); and this would keep on going until the machine eventually locks up. You can reboot it, but by this time the disk volume is well and truly hosed.. (in the 1980s I would hopefully have had the sense to make two copies of the 5.25″ floppy in case of blunders like this..)

    general-lighting-albums-various-pictures-picture154230-falsch-flauw-kaputt.png

    what happens today is young programmers (especially in commercial environments) often start with Java or Python and are isolated from the “heavy iron” of how the computer works; sometimes you only learn from mistakes. TBH I think kids should start with Python in junior school and by year 10/11 and high school onwards be taught C and/or assembler (many would pick it up themselves as they did in 1980s).

    Something like a Raspberry PI is only €50 and can be dedicated to a single user it doesn’t cause excessive angst to classmates or other family members if the kernel image needs to be reflashed.

    Especially if the person who crashed the family computer with flawed code is a parent- I can just imagine the uproar in school when an otherwise well behaved kid tells the teacher they haven’t got this weeks homework as Mum/Dad crashed the computer. TBH this is why I would be no good as a teacher; the commotion would be such the Headmaster would turn up in the classroom and I’d get in trouble too for not being able to keep a straight face..

    Nice post GL, Thanks.

0

Voices

2

Replies

Tags

This topic has no tags

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Forums Life Computers, Gadgets & Technology How security flaws work: Buffer overflows