Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Crispin Cowan <crispin () immunix com>
Date: Wed, 13 Aug 2003 11:12:39 -0700
Eygene A. Ryabinkin wrote:
This is approximately what StackShield <http://www.angelfire.com/sk/stackshield/info.html> does. However, it does not appear to have been maintained since 2000.I have an idea on buffer overflow prevention. I doubt that it's new, but I haven't seen an implementation of it in any freely distributable Un*x system. So, I hardly need your comments on it. ... The idea itself: all (correct me if I'm wrong) buffer overflows are based on the fact that we're using the stack, referenced by SS:ESP pair, both for procedure return address and for local variables. It seems to me, that would we have two stacks -- one for real stack and one for variables -- it will solve a bunch of problems. So, my suggestion: let us organise two segments: one for normal stack, growing downwards, referenced by SS:ESP pair and the second one, for local variables, referenced by GS:EBP pair, with either upwards or downwards growing. Now, if we use first segment for passing variables and procedure return addresses (normal stack usage), and second segment only for local procedure variables, we will have the following advantages:
Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
Current thread:
- Buffer overflow prevention Eygene A. Ryabinkin (Aug 13)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Crispin Cowan (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention weigelt (Aug 15)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Jonathan A. Zdziarski (Aug 13)
- Re: Buffer overflow prevention Andreas Beck (Aug 14)
- Re: Buffer overflow prevention Jingmin (Jimmy) Zhou (Aug 13)
- Re: Buffer overflow prevention Craig Pratt (Aug 13)
- Re: Buffer overflow prevention Patrick Dolan (Aug 13)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
(Thread continues...)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)