[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: win32 svn 1.1.0-rc1 binaries posted

From: Jared W. Robinson <jwr_at_xmission.com>
Date: 2004-07-21 21:43:20 CEST

On Mon, Jul 19, 2004 at 06:51:19PM +0300, Ivan-Assen Ivanov wrote:
> MSVC7.1 has the /GS switch, which reduces the possibility of buffer
> overflow attacks. Which, in the case of server software like
> Subversion, is even more important than efficiency...

If you read either "Exploiting Software" pp. 57-65 or "Shellcoder's
Handbook" pp. 161-167, you'll have much less confidence in the /GS
switch. The sad truth is that using that switch can make it /easier/ to
exploit vulnerabilities. Maybe the next release of MSDev will improve
the /GS switch -- but who knows, really.

- Jared

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jul 21 21:43:57 2004

This is an archived mail posted to the Subversion Dev mailing list.