I was reading about buffer, stack and heap overflows. I read this post as well. My question is this: if I use only global variables in my code, can I say it prevents all the exploits of overflow?
Let's say I have these buffers in code declared in the global scope:
char buf1[10];
char buf2[100];
If I send buf1 as the buffer to recv(int s, char *buf, int len, int flags);
- I will overwrite the data segment and may ruin the buf2 content, right?
- Would I be able to run code from it, because as far as I know it is not a code segment and the data segment is not executable?
Can we conclude that using Globals is the safest way?
It doesn’t matter where your data is. If you try hard enough, you can write outside it. Whether or not any stack buffer overrun might be used to overwrite a return address and cause code in the buffer to be executed, that is architecture dependent. IMHO, data in the stack segment should not be executable and an attempt to execute it should result in a memory-management interrupt.
Using ‘globals’ instead of stack variables is anyway not a sane solution for anything except trivial apps.
I only ever load data into dynamically-allocated buffers inside buffer classes, so stack buffer overruns have never been a problem in my apps (and besides, I just don’t overrun buffers!).
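
The buf1/buf2 case from the question, as an added example that is not part of either post: an oversized len clobbers the neighbouring global even though no return address is involved, while a len bounded to the buffer does not. Assumptions: data_seg models the two globals as adjacent (a real linker may order or pad them differently), and fake_recv and wire are hypothetical stand-ins for recv() and the received bytes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the data segment: buf1[10] directly followed by
 * buf2[100]. Keeping both in one array makes the overrun well defined. */
enum { BUF1_LEN = 10, BUF2_LEN = 100 };
static unsigned char data_seg[BUF1_LEN + BUF2_LEN];
static unsigned char *const buf1 = data_seg;
static unsigned char *const buf2 = data_seg + BUF1_LEN;

/* Constructed 32-byte "network" message; unused tail bytes are zero. */
static const unsigned char wire[32] = "0123456789OVERFLOW-INTO-BUF2";

/* Hypothetical stand-in for recv(): like recv(), it trusts the caller's
 * len and has no idea how large the destination really is. */
static size_t fake_recv(unsigned char *buf, size_t len)
{
    size_t n = len < sizeof wire ? len : sizeof wire;
    memcpy(buf, wire, n);
    return n;
}

/* Put a known value in buf2 so corruption is observable. */
static void reset(void)
{
    memset(data_seg, 0, sizeof data_seg);
    memcpy(buf2, "config=safe", 12);
}

/* Returns 1 if buf2 still holds its original value after receiving
 * into buf1 with the given len, 0 if the receive overwrote it. */
int buf2_intact_after_recv(size_t len)
{
    reset();
    fake_recv(buf1, len);
    return memcmp(buf2, "config=safe", 12) == 0;
}

int main(void)
{
    printf("len=32 (larger than buf1): buf2 intact? %d\n",
           buf2_intact_after_recv(32));
    printf("len=BUF1_LEN (bounded):    buf2 intact? %d\n",
           buf2_intact_after_recv(BUF1_LEN));
    return 0;
}
```

Moving the buffer out of the stack changes what sits next to it, not whether the write stays in bounds; the bound on len is what protects buf2.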