Date:      Mon, 17 Feb 1997 21:10:17 -0700 (MST)
From:      Charles Mott <cmott@srv.net>
To:        David Greenman <dg@root.com>
Cc:        "Jordan K. Hubbard" <jkh@time.cdrom.com>, freebsd-chat@freebsd.org
Subject:   Re: Countering stack overflow 
Message-ID:  <Pine.BSF.3.91.970217204736.3518C-100000@darkstar>
In-Reply-To: <199702180343.TAA03412@root.com>

>    I really don't see how any of this is going to affect the problem. You
> can use relative addressing/position independent code to get around any
> differences in stack addresses.

The whole point of the stack overflow attack, as it has been explained to 
me, is that the return address has to be modified to point to the 
overflow region of the stack (with maybe a kilobyte or two of slack).  
This requires an approximate knowledge of where, in absolute address 
space, the stack overflow region is.

I am mainly interested in this vulnerability since it seems to allow an
outsider to waltz into your machine and gain root privilege immediately.  
It seems to be much more serious than the other security problems.

If there is an uncertainty of a few hundred megabytes of where the top of 
the stack is, then this would make compromise much more difficult, 
especially for a network-based (rather than shell-based) attack.

I agree that going to strncpy's is a good idea; I am just personally
curious about adding an extra layer of security.  This is just sound
strategy in my view.  I will work on this offline, since I think I have 
received as much information as I can from this venue.

I'm sort of tired of arguing with everybody on this.  No more responses, 
please.  I will just understand things on my own.

Charles Mott

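The attack and the fix discussed in this message, as an added example that is not part of the original thread or of FreeBSD: a byte array stands in for an i386 stack frame (a 64-byte local buffer, the 4-byte saved return address, then a few bytes of the caller's data), so every write stays well defined and nothing is executed. The unsafe copy is `strcpy`; the fix is the bounded `strncpy` the thread mentions, with the terminator that `strncpy` omits when the source fills the buffer. The last two functions show why the attacker needs the absolute stack address: the overwritten return value has to land inside the NOP slack, and randomising the stack top over R bytes turns a one-shot overwrite into roughly R divided by the slack size blind tries. The buffer size, frame layout, addresses (0x08048000, 0xbfbff0c0) and payload are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame (constructed layout): 64-byte buffer, 4-byte saved return
 * address, then 4 bytes of caller data further up the stack. */
#define BUF_LEN     64
#define RET_OFF     BUF_LEN
#define FRAME_LEN   (BUF_LEN + 4 + 4)
#define PAYLOAD_LEN (BUF_LEN + 4 + 1)   /* filler + address + NUL */

static void put_le32(unsigned char *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Fresh frame: zeroed buffer, legitimate return address, caller data. */
static void frame_init(unsigned char *frame, uint32_t legit_ret)
{
    memset(frame, 0, FRAME_LEN);
    put_le32(frame + RET_OFF, legit_ret);
    put_le32(frame + RET_OFF + 4, 0x11111111u);
}

static uint32_t frame_saved_ret(const unsigned char *frame)
{
    return get_le32(frame + RET_OFF);
}

/* Constructed attack string: filler up to the return slot, then the address
 * the attacker wants control to return to. No byte is zero, so a strcpy-style
 * copy does not stop early. */
static void build_payload(char *out, uint32_t target)
{
    memset(out, 'A', BUF_LEN);
    put_le32((unsigned char *)out + BUF_LEN, target);
    out[BUF_LEN + 4] = '\0';
}

/* The bug: strcpy copies until the terminator regardless of the destination
 * size, so the bytes past the buffer land on the saved return address. */
static void unsafe_copy(unsigned char *frame, const char *src)
{
    strcpy((char *)frame, src);
}

/* The fix from the thread: bound the copy. strncpy writes no terminator when
 * src is at least n bytes long, so the caller must add one. */
static void safe_copy(unsigned char *frame, const char *src)
{
    strncpy((char *)frame, src, BUF_LEN - 1);
    frame[BUF_LEN - 1] = '\0';
}

/* Saved return address after the attacker's string is copied, per version. */
static uint32_t saved_ret_after_unsafe(uint32_t legit_ret, uint32_t target)
{
    unsigned char frame[FRAME_LEN];
    char payload[PAYLOAD_LEN];
    frame_init(frame, legit_ret);
    build_payload(payload, target);
    unsafe_copy(frame, payload);
    return frame_saved_ret(frame);
}

static uint32_t saved_ret_after_safe(uint32_t legit_ret, uint32_t target)
{
    unsigned char frame[FRAME_LEN];
    char payload[PAYLOAD_LEN];
    frame_init(frame, legit_ret);
    build_payload(payload, target);
    safe_copy(frame, payload);
    return frame_saved_ret(frame);
}

/* The overwritten return address only works if it falls inside the NOP slack
 * that precedes the injected code; that is what requires knowing where the
 * stack is in absolute address space. */
static int guess_hits(uint32_t guess, uint32_t sled_start, uint32_t sled_len)
{
    return guess >= sled_start && guess - sled_start < sled_len;
}

/* With the stack top uniformly uncertain over `uncertainty` bytes, a blind
 * guess lands with probability sled_len/uncertainty, i.e. about
 * uncertainty/sled_len attempts on average. */
static uint64_t expected_guesses(uint32_t sled_len, uint64_t uncertainty)
{
    if (sled_len == 0) return UINT64_MAX;
    return uncertainty < sled_len ? 1 : uncertainty / sled_len;
}

int main(void)
{
    printf("unsafe copy, saved ret: 0x%08lx\n",
           (unsigned long)saved_ret_after_unsafe(0x08048000u, 0xbfbff0c0u));
    printf("safe copy,   saved ret: 0x%08lx\n",
           (unsigned long)saved_ret_after_safe(0x08048000u, 0xbfbff0c0u));
    printf("2 KB slack, 256 MB stack uncertainty: ~%lu guesses\n",
           (unsigned long)expected_guesses(2048u, (uint64_t)256 << 20));
    return 0;
}
```

With a fixed stack base the first guess lands; with a few hundred megabytes of uncertainty the same two-kilobyte slack needs on the order of a hundred thousand tries, each one a crash the target can log, which is the point made above about network-based attacks.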


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970217204736.3518C-100000>