ummm... People, as a separate discussion, here is an idea [probably extremely lame]. There should be an allocation randomizer. Meaning, say, if you require 100 bytes, then the randomizer should malloc memory from, say, 100-120 bytes at random during runtime. Now you may ask, why O why? Well, when the [fixed] memory is allocated on the stack, peeps use it to overflow the buffer & corrupt the return address of the calling function - "Classic buffer overflow" as some like to call it. But if we have a variable allocated space, the same overflowers will not have such an easy calculation - having a choice of 20 spots for the return address [in this e.g.]. Of course it would be better to just check for input overshooting the buffers. But it was an idea anyway...!
'-)
quasi
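
The idea from the post, sketched in C as an added example (not code from the original message): `rbuf`, `rbuf_alloc` and `rbuf_copy` are hypothetical names, the buffer is heap-allocated, and `/dev/urandom` is assumed as the random source. It also carries the input-length check the post says would be the better fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: a buffer whose real size is the request plus random slack. */
struct rbuf {
    char  *data;
    size_t need;  /* bytes the caller asked for (100 in the post) */
    size_t cap;   /* bytes actually allocated, chosen at runtime (100..120) */
};

/* Read one 32-bit value from the OS random source; returns 0 on success. */
static int os_random_u32(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");  /* assumed to exist (POSIX systems) */
    if (!f) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Allocate between need and need + max_slack bytes, picked at random per call. */
int rbuf_alloc(struct rbuf *b, size_t need, size_t max_slack)
{
    uint32_t r;
    if (max_slack > 4096 || need > SIZE_MAX - max_slack) return -1;
    if (os_random_u32(&r) != 0) return -1;   /* fail closed: no fixed fallback */
    b->need = need;
    b->cap  = need + (size_t)(r % (max_slack + 1)); /* modulo bias is negligible here */
    b->data = calloc(1, b->cap);
    return b->data ? 0 : -1;
}

/* Refuse input that overshoots the requested size; the slack is never written. */
int rbuf_copy(struct rbuf *b, const char *src, size_t len)
{
    if (len > b->need) return -1;
    memcpy(b->data, src, len);
    return 0;
}

int main(void)
{
    struct rbuf b;
    for (int i = 0; i < 5; i++) {            /* capacity differs from run to run */
        if (rbuf_alloc(&b, 100, 20) != 0) return 1;
        printf("requested %zu, allocated %zu\n", b.need, b.cap);
        free(b.data);
    }
    return 0;
}
```
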