Re: Buffer overflow prevention

[Crispin Cowan <crispin () immunix com>]

Sam Baskinger wrote:

> It sounds like array bounds checking would offer an almost equivalent effect.  
> This would not stop mis-casting a struct and referencing out of it or similar 
> casting+address calcuation errors.  To prevent that you would need either a 
> language that prevented the production of that sort of code or to solve the 
> halting problem.
Array bounds checking offers greater protection than any of these 
protections (StackGuard, ProPolice, PointGuard, W^X, PAX/ASLR, etc.) The 
problem is that the very fastest array bounds protection for C (Bounded 
Pointers) imposes a 5X slowdown on performance, where as these other 
techniques impose overheat somewhere between noise and 20%. See the 
comparison chart in the back of the PointGuard paper for a good 
comparison of these techniques:

   "PointGuard: Protecting Pointers From Buffer Overflow
   Vulnerabilities". Crispin Cowan, Steve Beattie, John Johansen and
   Perry Wagle. To appear at the 12^th USENIX Security Symposium
   <http://www.usenix.org/events/sec03/>, Washington DC, August 4-8,
   2003. Paper
   <http://immunix.com/%7Ecrispin/pointguard_usenix_security2003.pdf>
   and Talk
   <http://immunix.com/%7Ecrispin/pointguard_usenix_security2003.ppt>.

Crispin

--
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
           http://www.immunix.com/shop/