Bugtraq mailing list archives

Re: Buffer Overflows: A Summary


From: spaf () CS PURDUE EDU (Gene Spafford)
Date: Fri, 2 May 1997 15:04:33 -0500


Bill Trost <trost () CLOUD RAIN COM> wrote:

> Oddly enough, we had a talk here in the CS department earlier this
> week by Mootaz Elnozahy from Carnegie Mellon who suggested the idea of
> writing a system call pattern associated with a security sensitive
> program.  The pattern would specify which calls would be used, with
> what arguments, and in what order, etc.  The kernel could check the
> program's execution, and if the kernel detects a problem, it drops the
> program into a secure mode where the attacker continues to get
> responses like the attack is succeeding, but can't actually do any
> damage.

Mr. Elnozahy should look at the literature more carefully.  Stephanie Forrest
has been working on something almost exactly like this for the past couple of
years.  A paper on the work was in the last Oakland IEEE Symposium on
Security and Privacy.  The work has continued, and they have more interesting
results.

There is also some history of techniques similar to this used in deployed
intrusion detection systems.....

--spaf
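
The check described in the quoted paragraph, reduced to call order only, as an added example that is not part of the original message or of any of the work it mentions. Assumptions made here: the pattern is the set of 3-call runs seen in known-good traces, the call names and traces are constructed, and call arguments and the "secure mode" response are not modelled.

```python
from collections import deque

WINDOW = 3  # assumed window length for this example


def windows(trace, n=WINDOW):
    """Yield every run of n consecutive call names in the trace."""
    recent = deque(maxlen=n)
    for call in trace:
        recent.append(call)
        if len(recent) == n:
            yield tuple(recent)


def build_profile(normal_traces, n=WINDOW):
    """Collect the set of call sequences seen in known-good runs."""
    profile = set()
    for trace in normal_traces:
        profile.update(windows(trace, n))
    return profile


def check_trace(profile, trace, n=WINDOW):
    """Return (index, window) for each window that is not in the profile.

    index is the position in the trace of the last call in the window,
    i.e. the call at which a monitor would first see the deviation.
    """
    return [(i + n - 1, w) for i, w in enumerate(windows(trace, n))
            if w not in profile]


# Constructed sample traces (not captured from a real program).
NORMAL = [
    ["open", "read", "close", "socket", "bind", "listen",
     "accept", "read", "write", "close"],
    ["open", "read", "close", "socket", "bind", "listen",
     "accept", "read", "close"],
]
# Same start-up, but a read is followed by a call order never seen before.
SUSPECT = ["open", "read", "close", "socket", "bind", "listen",
           "accept", "read", "execve", "write"]

if __name__ == "__main__":
    profile = build_profile(NORMAL)
    for pos, window in check_trace(profile, SUSPECT):
        print(f"call #{pos}: unexpected sequence {' -> '.join(window)}")
```

A profile built from too few known-good traces flags legitimate but rarely taken code paths, so the training runs have to cover the program's normal behaviour before deviations mean anything.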


