In the past ten years, stack overflow has become one of the most common attacks. Stack smashing is a system-level attack technique that writes content longer than the allotted space into a program's stack frame, overflowing the stack so that control flow is diverted to instructions chosen by the attacker.
Three approaches exist for defending against stack overflow: overwriting the return address on the stack with over-long input arguments is not allowed; overwriting is allowed, but an unauthorized change of control flow is not; a change of control flow is allowed, but execution of the injected code is prevented.
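
The first two approaches can be shown on a model of a stack frame. The following is an added example, not code from the original text; the `struct frame` layout, the guard constant, the saved address and all function names are assumptions made for illustration. The third approach is not modelled here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a frame: local buffer, then a guard value, then the
   saved return address. Real layouts are chosen by the compiler. */
struct frame { char buf[16]; uint64_t guard; uint64_t ret_addr; };

#define GUARD_VALUE 0x00a5c3f10d0aff00ULL /* constructed constant */
#define SAVED_RET   0x0000000000401136ULL /* constructed address */

static void frame_init(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->guard = GUARD_VALUE;
    f->ret_addr = SAVED_RET;
}

/* Approach 1: reject over-long input, so nothing past buf is ever written.
   Returns 0 on success, -1 if the input was refused. */
int copy_checked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Models an unchecked copy. Clamped to the size of the model so that the
   simulation itself never writes outside struct frame. */
void copy_unchecked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Approach 2: the overwrite may happen, but the guard is verified before
   the saved return address is used. Returns 1 if the return may proceed. */
int return_allowed(const struct frame *f) { return f->guard == GUARD_VALUE; }

/* Feeds len bytes to both defences. Bit 0: refused by approach 1.
   Bit 1: overwrite caught by approach 2. */
int demo(size_t len) {
    char input[64];
    struct frame a, b;
    int result = 0;
    if (len > sizeof input) len = sizeof input;
    memset(input, 'A', len);
    frame_init(&a); frame_init(&b);
    if (copy_checked(&a, input, len) != 0) result |= 1;
    copy_unchecked(&b, input, len);
    if (!return_allowed(&b)) result |= 2;
    return result;
}
```

An input that exactly fills the buffer passes both checks; one byte more is refused by the length check and, on the unchecked path, changes the guard before it can reach the saved return address.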