From owner-freebsd-chat Sun Feb 16 18:50:09 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA16072 for chat-outgoing; Sun, 16 Feb 1997 18:50:09 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA16067 for ; Sun, 16 Feb 1997 18:50:05 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id SAA17504 for ; Sun, 16 Feb 1997 18:46:50 -0800 (PST)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id NAA07044; Mon, 17 Feb 1997 13:13:25 +1030 (CST)
From: Michael Smith
Message-Id: <199702170243.NAA07044@genesis.atrad.adelaide.edu.au>
Subject: Re: Countering stack overflow
In-Reply-To: from Charles Mott at "Feb 16, 97 07:22:31 pm"
To: cmott@srv.net (Charles Mott)
Date: Mon, 17 Feb 1997 13:13:24 +1030 (CST)
Cc: freebsd-chat@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-chat@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Charles Mott stands accused of saying:
> What I have noticed running test programs is that the top of the stack
> always appears to be at or near 0xffffffff. I am interested in generating
> an experimental kernel patch (for 2.1.0-R) which would randomly change the
> top stack address over a range of 0x4fffffff 0xffffffff when a new
> process (not a fork) is started.
>
> My guess is that this will practically shut down any stack overflow
> attacks which gain root privilege. They may still cause crashes or
> process termination, though.
>
> Please advise if there is a conceptual error in what I want to do. I have

There is a conceptual error in what you want to do. Stack accesses are
_relative_.

> Charles Mott

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[