From: Robin Melville
To: Charles Mott
Cc: freebsd-chat@freebsd.org
Date: Thu, 13 Feb 1997 23:45:07 +0000
Subject: Re: Trying to understand stack overflow

At 4:03 pm -0700 13/2/97, Charles Mott wrote:
>On Thu, 13 Feb 1997, J Wunsch wrote:
>[snip]
>If it does, then it would be interesting to have a version of gcc which
>adds some "noise" as to where exactly in the stack an automatic variable
>is located.

Yes, I wondered about this too. I don't believe the actual location of an
auto makes any difference, because the desired effect is to overwrite the
return address. Thinking aloud, a random padding of the stack frame would
make this less feasible. This would, however, add significantly to the size
of executables, and would be easily get-aroundable where precompiled
libraries and executables were used (eg FreeBSD distributions & packages).
It would require everybody to make world before they could use the system.

>Would it also be possible to have separate data and control flow stacks?
>...

Yes, that would also make more sense.

>My instinct is to go after this problem at a more fundamental level than
>doing giant code audits.

Me too. However, the stack overrun exploits are by no means the only ones in
use. Also, a major audit might well find loads of hidden bugs and possibly
allow streamlining of late-night code ;)

>Obviously I don't know too much about all this,
>so this message is in freebsd-chat.

Yes, I guess it's not unlikely that we're making the Gurus wince with our
carnival of ignorance... :)

Regards
Rob.
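The separate data and control flow stack floated in the exchange above, as an added example that is not part of the original message or of FreeBSD: a small software model in C (hypothetical helper names; it relies on the GCC/Clang builtin __builtin_return_address) in which each instrumented function records its return address on a separate control stack at entry and refuses to return if the copy on the ordinary stack no longer matches.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: a control-flow stack kept apart from the data stack.
 * An instrumented function records its return address here on entry and
 * compares the live value again just before returning, so a return address
 * overwritten by an overrun on the ordinary stack is detected, not followed. */
#define CONTROL_DEPTH 128
static void *control_stack[CONTROL_DEPTH];
static int control_top = 0;

static void control_push(void *ret)
{
    if (control_top >= CONTROL_DEPTH) {
        fputs("control stack exhausted\n", stderr);
        abort();
    }
    control_stack[control_top++] = ret;
}

/* Pops the recorded address; returns 1 if it matches the live one, else 0. */
static int control_pop_matches(void *ret)
{
    if (control_top <= 0)
        return 0;                       /* unbalanced call: treat as failure */
    return control_stack[--control_top] == ret;
}

#define CONTROL_ENTER() control_push(__builtin_return_address(0))
#define CONTROL_LEAVE()                                                   \
    do {                                                                  \
        if (!control_pop_matches(__builtin_return_address(0))) {          \
            fputs("return address mismatch, aborting\n", stderr);         \
            abort();                                                      \
        }                                                                 \
    } while (0)

/* An instrumented function; noinline keeps its own frame and return slot. */
__attribute__((noinline)) int guarded_sum(int n)
{
    int total = 0;
    CONTROL_ENTER();
    for (int i = 1; i <= n; i++)
        total += i;
    CONTROL_LEAVE();
    return total;
}

/* Exposed so a caller can confirm the control stack is balanced again. */
int control_depth(void) { return control_top; }
```

The same two-stack idea is what hardware shadow stacks implement, with the control stack held in memory the ordinary write path cannot reach.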