Don't catch it!

Dot your i's, cross your t's - but don't catch your exceptions. That's what is recommended if you are coding for Windows Vista.

Well, not exactly. There is an extremely interesting post on the recent ANI cursor handling security vulnerability here. It has a new take on catching exceptions. Catching an exception from a vulnerable snippet of code may nullify the protection provided by Vista's address space randomization, since the hacker may repeatedly try different input values without the process exiting.

Really interesting. The real question is.. how much attention do we really need to pay to this? Where do we draw the line between reliable code (one that catches exceptions) and secure code (one that doesn't). Is it too early to be worrying about this? I wonder.


Popular posts from this blog

February 5, 2005 Kshitij Day

Trouble installing KB2881553

How to create instance of MsftDiscMaster2 in C#