Date: Wed, 3 Nov 1999 11:01:07 -0700 (MST)
From: Paul Hart <hart@iserver.com>
To: Andre Gironda <andre@sun4c.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: stack protecting
Message-ID: <Pine.BSF.4.10.9911031024190.30946-100000@anchovy.orem.iserver.com>
In-Reply-To: <19991103090003.B18803@toaster.sun4c.net>
On Wed, 3 Nov 1999, Andre Gironda wrote:

> And I really doubt in either case you prevent 50% of breakins.

Why? By a significant margin, most exploitable buffer overflows have proven to be of the stack-based variety, and if you've got StackGuard up and running I think you'll prevent much more than just 50% of breakins from buffer overflows.

> There is a LOT of material available that explains the inner-workings
> of heap overflows. There is a lot of generated code that aids a
> person with exploiting heap overflows. They are readily available just
> like stack overflow exploit scripts are readily available.

I agree that heap-based overflows can be exploitable, but they are typically more difficult to exploit and seem to be usually less prevalent than stack-based overflows. On other OSes such as Solaris, attacking important memory areas such as the procedure linkage table (used for dynamic linking) by hitting the stdio FILE structures through an overflow in the data/BSS segment has been fruitful in the past, but I don't know that we've seen the same for FreeBSD. What was the last heap-based overflow exploit for FreeBSD? The l0pht crontab hole or maybe the suidperl 4.x hole?

> If you can find a way to stack protect FreeBSD, go for it, I say. But it's
> not going to solve every problem.

I agree, but if it adds at least some protection against the biggest cause of holes, why not use it? I don't think people should use it to give themselves a false sense of security though.

BTW, it *is* possible to use StackGuard on FreeBSD, but it does take some hackage to get it to work.

Paul Hart

-- 
Paul Robert Hart              ><8> ><8> ><8>      Verio Web Hosting, Inc.
hart@iserver.com              ><8> ><8> ><8>      http://www.iserver.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
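As an added illustration of the canary mechanism behind StackGuard that the thread discusses (constructed example code, not StackGuard's own and not from the thread; BUF_LEN, CANARY_VALUE, RET_MARKER and the frame layout are assumptions), the model below shows why a linear stack overflow is caught at function exit while the same check says nothing about heap or data/BSS corruption:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a StackGuard-style protected frame (example code, not
 * StackGuard's own). The canary sits between the local buffer and the saved
 * return address, so a linear overflow of buf must clobber the canary before
 * it can reach the return address; checking it on exit detects the smash. */
#define BUF_LEN       16
#define CANARY_VALUE  0x000aff0dU   /* constructed fixed canary for this model */
#define RET_MARKER    0x11223344U   /* constructed stand-in for the return address */

struct guarded_frame {
    char      buf[BUF_LEN];   /* the overflowable local array */
    uint32_t  canary;         /* guard word checked before return */
    uintptr_t saved_ret;      /* where a real frame keeps the return address */
};
enum frame_state { FRAME_INTACT = 0, CANARY_SMASHED = 1 };

/* Unchecked copy of len bytes into buf (the classic stack overflow), then the
 * StackGuard-style check. The copy is clamped to the struct so the model stays
 * well-defined C; a heap object copied the same way would have no guard word. */
enum frame_state copy_then_check(const unsigned char *src, size_t len)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary    = CANARY_VALUE;
    f.saved_ret = RET_MARKER;
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, src, len);   /* no check against BUF_LEN: the bug being guarded */
    /* The guard fires before the (possibly corrupted) return address is used. */
    return f.canary == CANARY_VALUE ? FRAME_INTACT : CANARY_SMASHED;
}

/* Builds a constructed input of len 'A' bytes and runs it through the check. */
enum frame_state fill_and_check(size_t len)
{
    unsigned char input[64];
    if (len > sizeof input) len = sizeof input;
    memset(input, 'A', len);
    return copy_then_check(input, len);
}

int main(void)
{
    size_t lens[] = { 8, BUF_LEN, BUF_LEN + 1, 40 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%2zu bytes -> %s\n", lens[i],
               fill_and_check(lens[i]) == FRAME_INTACT ? "frame intact" : "canary smashed");
    return 0;
}
```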