Talk:Stack buffer overflow
|This is the talk page for discussing improvements to the Stack buffer overflow article.
This is not a forum for general discussion of the article's subject.
|WikiProject Computing / Software / Security||(Rated C-class, Mid-importance)|
|A fact from Stack buffer overflow appeared on Wikipedia's Main Page in the Did you know? column on 20 August 2007. The text of the entry was as follows: "Did you know
The following phrase from the article is IMO suboptimal:
"This works because the execution never actually vectors to the stack itself.".
Even if "vectors" would be a verb that could be used that way (is it?), it feels very awkward to me. A more direct explanation without resorting to symbolisms would be better. Unfortunately I wasn't able to rephrase it in a more succint way :-/ —Preceding unsigned comment added by 188.8.131.52 (talk) 22:22, 11 September 2007 (UTC)
Still if used in conjunction with techniques like ASLR a nonexecutable stack can be somewhat resistant to return to libc attacks and thus can greatly improve the security of an application.
Given that ASLR protection has been shown to be effectively rendered useless in a few minutes (http://www.cse.ucsd.edu/~hovav/papers/sppgmb04.html), the above statement seems to be misleading -- Prashmohan 10:35, 31 October 2007 (UTC)
The example code actually uses the second command line argument to the program since arrays in C are zero based and the index 1 is used. —Preceding unsigned comment added by Gthubron (talk • contribs) 19:39, 8 April 2008 (UTC)
WARNING: In the images describing stack, in my opinion char *bar should be below return address (feel free to update images). bar* is pushed before call, so RET adress is "above". —Preceding unsigned comment added by 184.108.40.206 (talk) 13:49, 5 January 2009 (UTC) I agree, bar* is definitely pushed by the caller, so it is for sure before the RET address. The images are not correct. — Preceding unsigned comment added by 220.127.116.11 (talk) 08:18, 26 November 2011 (UTC)
Hackers vs. Black Hat Hackers
At time of writing, line 19 reads:
This is one of the oldest and more reliable methods for [[Hacker (computer security)|hackers]] to gain unauthorized access to a computer.
This, I believe, misconstrues hackers as unethical black hat hackers. It mars the name of hacker. I am changing it for the time being to black hat hacker. Added by Jon Weldon II: (talk) 04:47, 11 April 2012 (UTC)
- White hat hackers also expose vulnerabilities in software by finding stack buffer overflows. I have changed it to the less culturally subjective term "attacker". Oktal (talk) 13:42, 13 July 2013 (UTC)
Picture titled " The program stack in foo() with various inputs"
Hello fellow Wikipedians,
I have just modified one external link on Stack buffer overflow. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive http://web.archive.org/web/20070928100343/http://www.securityforest.com/downloads/educationtree/stack_overflows.pdf to http://www.securityforest.com/downloads/educationtree/stack_overflows.pdf
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at
An editor has reviewed this edit and fixed any errors that were found.
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
If you are unable to use these tools, you may set
|needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.