Bugtraq mailing list archives

Re: StackGuard: Automatic Protection From Stack-smashing Attacks


From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Fri, 19 Dec 1997 15:01:35 -0700


      FILE *fp;               /* declaration missing from the quoted fragment */
      int save_uid;
      char buf[10];           /* 10 bytes, but the read below has no bound */

      save_uid = getuid();    /* remember the real uid */
      setuid(0);              /* raise privilege */
      fp = fopen("input", "r");
      fscanf(fp, "%s", buf);  /* unbounded read: can run off the end of buf */
      setuid(save_uid);       /* restore, trusting save_uid is still intact */

For this particular example, in some levels of optimization (gcc -O2,
I believe, or via other future compiler hacks) your generated code
could place the objects on the stack in this order: return address,
buf[], save_uid.  Coupled with the other approaches, that would solve
this particular case.

(But I don't believe in solving these special cases one by one).

My personal feelings on the recent proposals for fixing
"the overflow problem" are that I don't like them.  They all
seem hacky to me, and all claim to be a silver bullet to finally
put an end to the problem.  I would much rather see the original problems
fixed, a solution that is much more aesthetically pleasing to
me.  On the other hand the proposals do reduce the number of
attacks, and buy time until attackers get more sophisticated
in their exploits.

I don't even hope to see a magic solution coming down the line.  I'll
just continue fixing the basic bugs.  (But they are getting harder to
find; perhaps I should start using Purify or Insight...)
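The following is an added example and is not part of Theo's message or of the StackGuard proposal. It models the snippet at the top of the message: buf[] laid out directly before save_uid, an unbounded token read that runs past the end of buf[] into save_uid, and the plain bug fix (a scanf field width) that Theo argues for instead of a compiler-level defence. The frame is modelled as a struct so the adjacency is guaranteed and the overwrite is reproducible; on a real stack the order is up to the compiler, which is exactly the point of the -O2 remark above. The function names, the struct, the uid 1000 and the token strings are all constructed for this example; setuid()/getuid() are not called, the code only tracks the value that would be handed to setuid(save_uid).

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the frame in the snippet: buf[] immediately followed
 * by save_uid. A struct rather than two locals, so the adjacency is
 * guaranteed here; on a real stack the compiler decides the order.
 */
struct frame {
    char buf[10];     /* the char buf[10] from the snippet */
    int  save_uid;    /* sits right after it: the dangerous layout */
};

/* Constructed inputs: one token that fits, one far longer than buf[] holds. */
static const char SHORT_TOKEN[] = "ls";
static const char LONG_TOKEN[]  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/*
 * Models fscanf(fp, "%s", buf): copy one whitespace-delimited token with no
 * regard for the size of buf. The copy goes through a byte view of the whole
 * struct so the overrun into save_uid is deterministic and well defined; the
 * only bound is the end of the struct, kept so the demo itself cannot crash.
 */
static void read_token_unbounded(struct frame *f, const char *input)
{
    unsigned char *dst = (unsigned char *)f;
    size_t i = 0;

    while (input[i] != '\0' && input[i] != ' ' && input[i] != '\n'
           && i < sizeof *f - 1) {
        dst[i] = (unsigned char)input[i];
        i++;
    }
    dst[i] = '\0';
}

/*
 * The fix Theo argues for: correct the bug itself. A field width one less
 * than sizeof buf ("%9s") makes scanf store at most 9 characters plus the
 * terminator, so save_uid is never touched however long the token is.
 */
static void read_token_bounded(struct frame *f, const char *input)
{
    if (sscanf(input, "%9s", f->buf) != 1)
        f->buf[0] = '\0';
}

/*
 * Models the save/raise/read/restore sequence and returns the value that
 * would be passed to setuid(save_uid) at the end, i.e. the uid the process
 * keeps running as. With real_uid intact the drop works; clobbered, it does not.
 */
static int privileged_read(const char *input, int real_uid,
                           void (*reader)(struct frame *, const char *))
{
    struct frame f;

    f.save_uid = real_uid;      /* save_uid = getuid(); then setuid(0); */
    reader(&f, input);          /* fscanf(fp, "%s", buf); */
    return f.save_uid;          /* setuid(save_uid); restores only if intact */
}

/* How many bytes the bounded reader actually stored, for inspection. */
static size_t bounded_len(const char *input)
{
    struct frame f;

    read_token_bounded(&f, input);
    return strlen(f.buf);
}

int main(void)
{
    int uid = 1000;   /* constructed unprivileged uid */

    printf("short token, unbounded read: setuid(%d)\n",
           privileged_read(SHORT_TOKEN, uid, read_token_unbounded));
    printf("long token,  unbounded read: setuid(%d)  <-- save_uid clobbered\n",
           privileged_read(LONG_TOKEN, uid, read_token_unbounded));
    printf("long token,  bounded read:   setuid(%d)\n",
           privileged_read(LONG_TOKEN, uid, read_token_bounded));
    printf("bounded read kept %zu of %zu input bytes\n",
           bounded_len(LONG_TOKEN), strlen(LONG_TOKEN));
    return 0;
}
```

With the short token both readers leave save_uid at 1000. With the long token the unbounded reader overwrites save_uid with attacker-supplied bytes, so the final setuid() no longer drops back to the real uid; the bounded reader truncates the token to 9 characters and save_uid survives. Reordering the locals, as the -O2 remark describes, would move save_uid out of the way in this one case, but only the bounded read removes the bug.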
