Date: Thu, 13 Feb 1997 23:45:07 +0000
From: Robin Melville <robmel@innotts.co.uk>
To: Charles Mott <cmott@srv.net>
Cc: freebsd-chat@freebsd.org
Subject: Re: Trying to understand stack overflow
Message-ID: <l03010d00af295576131e@[194.176.130.51]>
In-Reply-To: <Pine.BSF.3.91.970213154654.6401B-100000@darkstar>
References: <Mutt.19970213230219.j@uriah.heep.sax.de>
At 4:03 pm -0700 13/2/97, Charles Mott wrote:

>On Thu, 13 Feb 1997, J Wunsch wrote:
>[snip]
>If it does, then it would be interesting to have a version of gcc which
>adds some "noise" as to where exactly in the stack an automatic variable
>is located.

Yes, I wondered about this too. I don't believe the actual location of an auto makes any difference, because the desired effect is to overwrite the return address. Thinking aloud, a random padding of the stack frame would make this less feasible. This would, however, add significantly to the size of executables, and would be easily get-aroundable where precompiled libraries and executables were used (e.g. FreeBSD distributions & packages). It would require everybody to make world before they could use the system.

>Would it also be possible to have separate data and control flow stacks?
>...

Yes, that would also make more sense.

>My instinct is to go after this problem at a more fundamental level than
>doing giant code audits.

Me too. However, the stack overrun exploits are by no means the only ones in use. Also, a major audit might well find loads of hidden bugs and possibly allow streamlining of late-night code ;)

>Obviously I don't know too much about all this,
>so this message is in freebsd-chat.

Yes, I guess it's not unlikely that we're making the Gurus wince with our carnival of ignorance... :)

Regards
Rob.
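The point Rob makes above, that the location of the automatic variable does not matter because what an overrun reaches is the saved return address, is easiest to see with a guard word sitting between the locals and the return slot: any copy long enough to reach the return slot must first disturb the guard, which is what a check before returning can detect. The following C program is an added illustration written for this archive page; it is not code from the thread or from FreeBSD. The `struct model_frame` layout, the `GUARD_VALUE` constant and the placeholder return address `0x400123` are all constructed assumptions standing in for a real compiler-laid-out frame, and the copy is bounded to the size of the model so the program itself never writes out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed model of one stack frame (assumption, not a real compiler
 * layout): a local buffer, then a guard word placed between the locals and
 * the saved return-address slot, then that slot itself. The order models a
 * frame in which the return address sits "above" the locals. */
struct model_frame {
    char     buf[BUF_SIZE];
    uint64_t guard;
    uint64_t saved_ret;
};

static const uint64_t GUARD_VALUE   = 0x5a5aa5a5c3c33c3cULL; /* constructed */
static const uint64_t PLACEHOLDER_RET = 0x400123;            /* constructed */

/* Initialise the model frame with a fresh guard and a placeholder return
 * address, then copy up to len bytes of src starting at buf. The length is
 * clamped to the whole model so nothing is written outside the struct; the
 * model only shows which slots an over-long input would reach. Returns 1 if
 * the guard is still intact afterwards (frame may be trusted), 0 if it was
 * disturbed (the return slot is no longer trustworthy either). */
int frame_copy_and_check(struct model_frame *f, const char *src, size_t len)
{
    f->guard = GUARD_VALUE;
    f->saved_ret = PLACEHOLDER_RET;
    if (len > sizeof(*f))
        len = sizeof(*f);
    /* Copy through a byte pointer to the whole object: buf is at offset 0,
     * so a write longer than BUF_SIZE runs into guard and then saved_ret. */
    memcpy((unsigned char *)f, src, len);
    return f->guard == GUARD_VALUE;
}

/* Length of input that fits entirely within the local buffer. */
size_t frame_safe_capacity(void)
{
    return BUF_SIZE;
}

int main(void)
{
    struct model_frame f;
    char big[sizeof(struct model_frame)];
    memset(big, 'A', sizeof big);          /* constructed over-long input */

    printf("short input, guard intact: %d\n",
           frame_copy_and_check(&f, "hello", 5));
    printf("over-long input, guard intact: %d (saved_ret now %#llx)\n",
           frame_copy_and_check(&f, big, sizeof big),
           (unsigned long long)f.saved_ret);
    return 0;
}
```

The check has to run before the function returns, because once control transfers through a disturbed slot the detection is too late; compilers that implement this technique emit the comparison in the function epilogue, and the random per-process guard value is what stops an input from simply including the expected guard bytes.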
