Firewall Wizards mailing list archives

Re: securing bind

From: Crispin Cowan <crispin () cse ogi edu>
Date: Tue, 23 Nov 1999 02:45:35 +0000

Crispin Cowan wrote:

Ken Hardy wrote:

It's obvious that we'll never see the end of stack overrun
attacks until overrunning the stack doesn't get you anywhere.
IMHO something like StackGuard should be a standard option on

...

Alternatively (and higher performance?) Solaris 2 has a kernel
parameter that can be set to make the stack non-executable.


As does Linux.  I've just finished writing a paper describing the comparative
effectiveness of a variety of buffer overflow defenses.  Notably, non-executable
stack overlaps with StackGuard, but each has attacks that it uniquely defends
against.  Since they are compatible, both should be used for maximum coverage.
The paper will appear at the DARPA Information Survivability Expo (
http://schafercorp-ballston.com/discex/ ) and an invited talk at SANS 2000 (
http://www.sans.org/newlook/events/sans2000.htm ).  I'll have the paper up on
the publications page at http://immunix.org shortly.


Ok, I've posted my paper.  It is available for download here:
http://immunix.org/StackGuard/discex00.pdf

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org

Current thread:

securing bind Jan Stifter (Nov 17)
- Re: securing bind Craig H. Rowland (Nov 17)
  - Re: securing bind chuck (Nov 18)
  - Re: securing bind Ken Hardy (Nov 21)
    - Re: securing bind Crispin Cowan (Nov 22)
    - Re: securing bind Crispin Cowan (Nov 23)
    - Re: securing bind Saravana Ram (Nov 23)
    - Who to blame (was RE: securing bind) Anton J Aylward (Nov 26)
    - Re: securing bind Gerardo Richarte (Nov 26)
- Re: securing bind what's your style (Nov 18)
- <Possible follow-ups>
- Fwd: Re: securing bind Predrag Zivic (Nov 28)