On Mon, 20 Oct 2003 01:33:10 -0000, ellostron@xxxxxxxxx said: > Hi,i looked all over the web but i couldnt find information about buffer overflows in delphi programs. It's one of several things: 1) Delphi isn't used enough to make attacking it interesting. 2) Delphi is mostly secure against buffer overflows. 3) Delphi leaks like a sieve in other respects, and there's no need to do a buffer overflow when abusing the quoting rules works. I *cant* actually speak to the truth of any of those 3, but those are the top three *possible* reasons (at least to my thinking). Devising a way to test each hypothesis is left as an exercise for the vuln-dev community ;) > I think that as far as delphi uses pascal style strings,programs made in delp hi are much safer than those made in c/c++. > 1)Is really delphi much safer? Presumably it's safer against character-array buffer overflows. This does not imply that the language is overall safer - there could very well be significant brain damage elsewhere, and char-based overflows are only one attack method. And I'm *positive* that the average Delphi program is just as prone to the same sort of "failure to filter" bugs that cause every other language to be vulnerable to XSS, SQL injection, and similar. Sorry I couldn't answer the question directly, but hopefully I've pointed you in a productive direction....
Description: PGP signature