
Wikipedia:Peer review/Buffer overflow/archive1

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Wikibob (talk | contribs) at 00:34, 8 January 2006 (resolved this by reordering the sections after Protection from buffer overflows; +troubled by intrusion-detection systems sentence). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Hey! I'm submitting this article for peer review, because quite a bit has changed recently and some sections are possibly a bit dubious. It would be nice to get this up to FA quality since it is possibly one of the most important issues in computer security today and is also of great historical interest.

Suggestions needed on:

  • General grammar, phrasing, use of terminology etc.
  • Clarity
  • Technical Description, does it need rewriting?
  • Diagrams
  • History Section

Any suggestions will be much appreciated.

Cheers,

Tompsci 19:00, 7 January 2006 (UTC)

I reviewed version of 19:24, 2006 January 7:

  • I changed sentence to: Buffer overflows can cause a process to crash and changed sentence style in second, third and fourth paragraphs.
  • needs a diagram but I couldn't find one in commons
  • Technical description is C-based but C is not mentioned until later, and overflows occur in situations other than function calls and stacks
  • I recall years ago some architectures (Motorola?) have separate stacks for addresses and data, should this article specify the type of stack?
  • I am surprised that subsection Choice of programming language is not the first item in the section Protection from buffer overflows, and this might avoid the see below parenthesis.

Hope this helps, I'm not an expert in this so I read mainly for comprehension. -Wikibob 20:50, 7 January 2006 (UTC)

  • This sentence troubled me: Packet scanning intrusion-detection systems (IDSs) and application firewalls can detect remote attempts to exploit buffer overflows. The articles Intrusion-detection system and application firewall did not convince me that the sentence is indeed true. IDS is itself vague and hand waving while the firewall article did not address an exploit of an overflow in Outlook Express (OE), say. As I see it OE could open a TIFF image with a tag that causes a buffer overflow in OE that then sends out emails. Exactly how does the application firewall detect this when OE is allowed to send emails? Maybe all will become clear to me after cleanup of those two articles. -Wikibob 00:34, 8 January 2006 (UTC)