Why don't stacks grow upwards (for security)?

Question

This is related to the question 'Why do stacks typically grow downwards?', but more from a security point of view. I'm generally referring to x86.

It strikes me as odd that the stack would grow downwards, when buffers are usually written to upwards in memory. For example a typical C++ string has its end at a higher memory address than the beginning.

This means that if there's a buffer overflow you're overwriting further up the call stack, which I understand is a security risk, since it opens the possibility of changing return addresses and local variable contents.

If the stack grew upwards in memory, wouldn't buffer overflows simply run into dead memory? Would this improve security? If so, why hasn't it been done? What about x64, do those stacks grow upwards and if not why not?

Solution

Technically this is OS/CPU dependent, but typically this is because the stack and heap grow in opposite directions and from opposite ends of the address space.

This arrangement gives you the most flexibility to split/allocate memory between the heap and the stack without causing them to collide. If they were both to grow in the same direction, then you would need to have a starting address for the stack that would put a hard limit on the maximum size of the heap (and a hard limit on the size of the stack).

ETA:

Found an interesting piece on Wikipedia about why making a stack grow upwards does not necessarily prevent stack overflows - it just makes them work a bit differently.
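The point in the ETA above can be seen in a small model. This is an added example, not code from the question or the answer: it simulates (in a plain byte array, not real process memory) a caller that owns a 16-byte buffer and a callee that copies into it, and reports which saved return address an oversized copy reaches under each growth direction. The frame layout, offsets and all names are simplifying assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a 64-byte "stack", one 8-byte return-address slot per
   frame, and a 16-byte buffer that lives in the caller's frame. */
enum { MEM = 64, BUF = 16, RET = 8 };
enum { HIT_NONE = 0, HIT_CALLER_RET = 1, HIT_CALLEE_RET = 2 };

struct layout { int buf, caller_ret, callee_ret; };

/* Offsets are addresses inside the model; higher offset = higher address. */
static struct layout make_layout(int grows_up) {
    struct layout l;
    if (grows_up) {   /* caller frame pushed first, callee frame above it */
        l.caller_ret = 0;  l.buf = 8;  l.callee_ret = 24;
    } else {          /* caller frame at high addresses, callee frame below */
        l.caller_ret = 48; l.buf = 32; l.callee_ret = 16;
    }
    return l;
}

/* The callee writes n bytes into the caller's buffer. Returns flags for the
   return-address slots that were modified. */
static int simulate_copy(int grows_up, int n) {
    unsigned char mem[MEM];
    struct layout l = make_layout(grows_up);
    int hit = HIT_NONE;
    memset(mem, 0, sizeof mem);
    if (n > MEM - l.buf) n = MEM - l.buf;  /* stay inside the model */
    memset(mem + l.buf, 'A', (size_t)n);   /* buffer writes always ascend */
    for (int i = 0; i < RET; i++) {
        if (mem[l.caller_ret + i]) hit |= HIT_CALLER_RET;
        if (mem[l.callee_ret + i]) hit |= HIT_CALLEE_RET;
    }
    return hit;
}

int main(void) {
    for (int up = 0; up <= 1; up++)
        for (int n = BUF; n <= BUF + RET; n += RET)
            printf("%s stack, %2d bytes into %d-byte buffer -> flags %d\n",
                   up ? "upward" : "downward", n, BUF, simulate_copy(up, n));
    return 0;
}
```

In the upward-growing case the caller's own return address is untouched, but the copying function's frame sits above the buffer, so its return address is the one that gets overwritten; bounds checking is still required in both layouts.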
