Date: Mon, 21 May 2001 10:11:49 +0900
From: Hiroaki Etoh <etoh@trl.ibm.co.jp>
To: mixtim@home.com
Cc: security@FreeBSD.ORG
Subject: Re: Base system with gcc stack-smashing protector
Message-ID: <20010521101149B.etoh@trl.ibm.com>
In-Reply-To: <20010518211301.A53682@home.com>
References: <20010519093227T.etoh@trl.ibm.com> <20010518211301.A53682@home.com>

At Fri, 18 May 2001 21:13:01 -0400, Mixtim <mixtim@home.com> wrote:
> Have you seen Phrack Magazine issue 56, article 5? The title is "Bypassing
> StackGuard and StackShield."
>
> "This article is an attempt to demonstrate that it is possible to
> exploit stack overflow vulnerabilities on systems secured by
> StackGuard or StackShield even in hostile environments (such as when
> the stack is non-executable)."
>
> Does your patch address their concerns?

Yes. The article pointed out that StackGuard or StackShield protection
can be bypassed using buffer overflows to alter other pointers in the
program besides the return address. (StackGuard introduced a
remediation, which is called XOR canary protection, with a little bit of
performance overhead.) My protection changes the locations of such
pointers to the location behind buffers, so those pointers cannot be
altered using buffer overflows. It achieves the protection without
performance degradation.

Please see
http://www.trl.ibm.com/projects/security/ssp/node4.html#SECTION00042000000000000000
for details.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
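
The reordering argument in the reply above, as an added example that is not part of the original message and is not code from the patch: a simulated stack frame (a plain byte array) is overflowed under two layouts, and the function reports whether the pointer or the guard value changed. The offsets, sentinel values and all names are assumptions chosen for illustration; the frame is a simplified model with a guard word above the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_SIZE 32
#define BUF_LEN 16
#define PTR_ALTERED 1
#define GUARD_ALTERED 2

/* Byte offsets inside a simulated stack frame; a higher offset is a
 * higher address, i.e. closer to the saved return address. */
struct layout { size_t ptr_off, buf_off, guard_off; };

/* Pointer sits between the buffer and the guard (the case the article describes). */
static const struct layout POINTER_ABOVE_BUFFER = { 16, 0, 24 };
/* Pointer relocated below the buffer, guard directly above the buffer. */
static const struct layout POINTER_BELOW_BUFFER = { 0, 8, 24 };

/* Write n filler bytes into the buffer with no length check (clamped to the
 * simulated frame so this program itself stays well defined), then report
 * which of the pointer and the guard changed. */
static int overflow_effect(const struct layout *l, size_t n)
{
    unsigned char frame[FRAME_SIZE];
    const uint64_t ptr = 0x1111111111111111ULL;   /* constructed sentinel */
    const uint64_t guard = 0x2222222222222222ULL; /* constructed sentinel */
    int effect = 0;

    memset(frame, 0, sizeof frame);
    memcpy(frame + l->ptr_off, &ptr, sizeof ptr);
    memcpy(frame + l->guard_off, &guard, sizeof guard);

    if (n > FRAME_SIZE - l->buf_off)
        n = FRAME_SIZE - l->buf_off;
    memset(frame + l->buf_off, 'A', n);

    if (memcmp(frame + l->ptr_off, &ptr, sizeof ptr) != 0)
        effect |= PTR_ALTERED;
    if (memcmp(frame + l->guard_off, &guard, sizeof guard) != 0)
        effect |= GUARD_ALTERED;
    return effect;
}

int main(void)
{
    printf("pointer above buffer: %d\n", overflow_effect(&POINTER_ABOVE_BUFFER, BUF_LEN + 8));
    printf("pointer below buffer: %d\n", overflow_effect(&POINTER_BELOW_BUFFER, BUF_LEN + 8));
    return 0;
}
```

With the pointer above the buffer, an 8-byte overrun changes the pointer while the guard still verifies; with the pointer below the buffer, the same overrun leaves the pointer intact and is caught by the guard check.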