Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Jedi/Sector One <j () pureftpd org>
Date: Thu, 14 Aug 2003 20:47:21 +0200
On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
> What we're discussing here is protecting internal structures and data.
> IMHO ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/)
> is the best protection of this kind, even compared to the "two stack"
> approach.

ProPolice is not magical, though. There are plenty of cases where it is totally inefficient.

To illustrate a very common one:

#include <string.h>

struct Test {
    char str[5];    /* 5-byte buffer inside a struct */
};

int main(void)
{
    struct Test x;

    /* Deliberate overflow: the source is far longer than x.str. */
    strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}

ProPolice doesn't see anything wrong and eip happily goes to 0x41414141.

ProPolice also doesn't give any protection against heap overflows.

So the best protection is probably ProPolice + non exec stack + write xor executable pages. Oh, surprise, this is just how OpenBSD works.

This is still not a magical protection against everything. A vulnerable application can still behave abnormally after an overflow. But this couple makes injection + execution of arbitrary code way more tricky.

The only way to sleep quietly is still to audit the code in the first place.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/