Bugtraq mailing list archives
Re: Stack Shield: defending from "stack smashing" attacks
From: crispin () CSE OGI EDU (Crispin Cowan)
Date: Sun, 5 Sep 1999 05:58:16 +0000
Chris Keane wrote:
> On Tue, 31 Aug 1999, "CC" = Crispin Cowan wrote:
>
> +> So, why would one use the approach of saving the return address on
> +> another stack, instead of patching the stack itself, like StackGuard?
> +> The only reason I can imagine, is that one does not want to change the
> +> stack layout. The benefit of not changing the stack layout, is that
> +> you can do the change outside of the compiler.
>
> CC> Another major advantage is that gdb continues to work. The
> CC> StackGuard method fails for all programs that introspect the stack,
> CC> gdb being the major example.
>
> And presumably it would mean you could compile kernels with it, which
> also fails with StackGuard (for Linux, at least).
Part of why we never bothered to make StackGuard work for kernels is that it is unclear what value it adds. At best, you could panic() the kernel. Admittedly, that's better than yielding control to the attacker, but it is much more disruptive than killing processes.

I also observe that there are *very* few kernel buffer overflow exploits. It's as if kernel hackers are better than the rest ... :-)

Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
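An added example, not part of the original message and not code from StackGuard or Stack Shield: a C model of the trade-off discussed in this thread, where a canary changes the frame layout and a separately saved return address does not. The frame structs, constants and function names are constructed for illustration, and the compare-in-epilogue check for the separate-stack approach is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define RET     ((uintptr_t)0x08048000UL)  /* constructed return address */
#define CANARY  ((uintptr_t)0x000aff0dUL)  /* constructed canary value */

/* Frame as an unmodified compiler lays it out: buffer, then return address. */
struct plain_frame  { char buf[BUF_LEN]; uintptr_t ret; };
/* Canary-style frame: an extra word sits between buffer and return address. */
struct canary_frame { char buf[BUF_LEN]; uintptr_t canary; uintptr_t ret; };

/* Offset of the return-address slot, which stack-introspecting tools rely on. */
size_t ret_offset_plain(void)  { return offsetof(struct plain_frame, ret); }
size_t ret_offset_canary(void) { return offsetof(struct canary_frame, ret); }

/* Model a linear write of n bytes starting at buf; 1 if the epilogue notices. */
int canary_detects(size_t n) {
    struct canary_frame f = { {0}, CANARY, RET };
    if (n > sizeof f) n = sizeof f;       /* stay inside the modeled frame */
    memset(&f, 'A', n);
    return f.canary != CANARY;            /* check canary before returning */
}

int shadow_detects(size_t n) {
    struct plain_frame f = { {0}, RET };
    uintptr_t shadow = f.ret;             /* prologue: copy kept off the frame */
    if (n > sizeof f) n = sizeof f;
    memset(&f, 'A', n);
    return f.ret != shadow;               /* epilogue: compare with the copy */
}

int main(void) {
    printf("ret offset: plain=%zu canary=%zu\n",
           ret_offset_plain(), ret_offset_canary());
    for (size_t n = BUF_LEN; n <= BUF_LEN + 1; n++)
        printf("write %zu bytes: canary=%d shadow=%d\n",
               n, canary_detects(n), shadow_detects(n));
    return 0;
}
```

Both models flag the first byte written past the buffer, but only the canary frame moves the return-address slot, which is the layout change the thread ties to stack-introspecting tools.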