From owner-freebsd-hackers@FreeBSD.ORG  Sat Jul  9 00:15:59 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8660C16A41C
	for <freebsd-hackers@freebsd.org>; Sat,  9 Jul 2005 00:15:59 +0000 (GMT)
	(envelope-from www@marlena.vvi.at)
Received: from marlena.vvi.at (marlena.vvi.at [208.252.225.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E1D6743D45
	for <freebsd-hackers@freebsd.org>; Sat,  9 Jul 2005 00:15:58 +0000 (GMT)
	(envelope-from www@marlena.vvi.at)
Received: from marlena.vvi.at (localhost.marlena.vvi.at [127.0.0.1])
	by marlena.vvi.at (8.12.10/8.12.9) with ESMTP id j68FYA5m062320;
	Fri, 8 Jul 2005 08:34:13 -0700 (PDT)
	(envelope-from www@marlena.vvi.at)
Received: (from www@localhost)
	by marlena.vvi.at (8.12.10/8.12.10/Submit) id j68FY0om062318;
	Fri, 8 Jul 2005 08:34:00 -0700 (PDT) (envelope-from www)
Date: Fri, 8 Jul 2005 08:34:00 -0700 (PDT)
Message-Id: <200507081534.j68FY0om062318@marlena.vvi.at>
To: root@Neo-Vortex.net
From: "ALeine" <aleine@austrosearch.net>
Cc: freebsd-hackers@freebsd.org, jeremie@le-hen.org
Subject: Re: ProPolice: best way to fill canary  
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2005 00:15:59 -0000

root@Neo-Vortex.net wrote: 

> I was meaning random length fixed value...

That may be what you meant, but that's definitely not what you said.

> and unless the attacker wants to set the return address to 0x0...

You may want to read the paper "Four different tricks to bypass StackShield
and StackGuard protection" before making more comments.

http://www.coresecurity.com/files/files/11/StackguardPaper.pdf

ALeine
___________________________________________________________________
WebMail FREE http://mail.austrosearch.net