Bugtraq mailing list archives
Re: StackGuard: Automatic Protection From Stack-smashing Attacks
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Fri, 19 Dec 1997 15:01:35 -0700
    int save_uid;
    char buf[10];

    save_uid = getuid();
    setuid(0);
    fp = fopen("input", "r");
    fscanf(fp, "%s", buf);
    setuid(save_uid);
For this particular example, in some levels of optimization (gcc -O2, I believe, or via other future compiler hacks) your generated code could place the objects on the stack in this order: return address, buf[], save_uid. Coupled with the other approaches, that would solve this particular case. (But I don't believe in solving these special cases one by one).
My personal feeling on the recent proposals for fixing "the overflow problem" is that I don't like them. They all seem hacky to me, and all claim to be a silver bullet to finally put an end to the problem. I would much rather see the original problems fixed, a solution that is much more aesthetically pleasing to me. On the other hand the proposals do reduce the number of attacks, and buy time until attackers get more sophisticated in their exploits.
I don't even hope to see a magic solution coming down the line. I'll just continue fixing the basic bugs. (But they are getting harder to find; perhaps I should start using Purify or Insight..)
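Added example, not part of the original message: a C model of the two orderings discussed above, using structs (fields listed from low to high address) in place of a real stack frame, since actual placement is up to the compiler. The guard word stands in for a StackGuard-style canary next to the return address; the struct names, guard value, uid value and 16-byte input are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0x000aff0dU   /* constructed guard value for this model */
#define UID   1000U         /* constructed saved uid */

/* Fields run from low to high address; a write that runs past buf[]
 * moves into the fields listed after it. Assumes 4-byte aligned uint32_t. */
struct frame_naive     { char buf[10]; uint32_t save_uid; uint32_t guard; };
struct frame_reordered { uint32_t save_uid; char buf[10]; uint32_t guard; };
struct result          { int uid_changed; int guard_changed; };

static const char INPUT[] = "AAAAAAAAAAAAAAAA";   /* 16 bytes, 6 more than buf[] holds */

/* Copy n bytes starting at buf[], clamped to the struct so the model itself
 * stays well-defined, then report which neighbours were overwritten. */
static struct result overflow_naive(const char *in, size_t n) {
    struct frame_naive f = { .save_uid = UID, .guard = GUARD };
    size_t off = offsetof(struct frame_naive, buf), room = sizeof f - off;
    memcpy((char *)&f + off, in, n < room ? n : room);
    return (struct result){ f.save_uid != UID, f.guard != GUARD };
}

static struct result overflow_reordered(const char *in, size_t n) {
    struct frame_reordered f = { .save_uid = UID, .guard = GUARD };
    size_t off = offsetof(struct frame_reordered, buf), room = sizeof f - off;
    memcpy((char *)&f + off, in, n < room ? n : room);
    return (struct result){ f.save_uid != UID, f.guard != GUARD };
}

int main(void) {
    struct result a = overflow_naive(INPUT, 16);
    struct result b = overflow_reordered(INPUT, 16);
    /* naive: save_uid is overwritten while the guard is intact, so a guard
     * check alone would not notice; reordered: the guard is hit, save_uid is not. */
    printf("naive:     save_uid changed=%d guard changed=%d\n", a.uid_changed, a.guard_changed);
    printf("reordered: save_uid changed=%d guard changed=%d\n", b.uid_changed, b.guard_changed);
    return 0;
}
```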