From owner-freebsd-security Fri Dec 19 02:53:11 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA10856 for security-outgoing; Fri, 19 Dec 1997 02:53:11 -0800 (PST) (envelope-from owner-freebsd-security)
Received: from firewall.ftf.dk (root@mail.ftf.dk [129.142.64.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA10850 for ; Fri, 19 Dec 1997 02:53:06 -0800 (PST) (envelope-from regnauld@deepo.prosa.dk)
Received: from mail.prosa.dk ([192.168.100.2]) by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id NAA09665 for ; Fri, 19 Dec 1997 13:32:18 +0100
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id MAA04463 for ; Fri, 19 Dec 1997 12:20:02 +0100 (CET)
Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.7/8.8.5/prosa-1.1) id LAA08705; Fri, 19 Dec 1997 11:52:02 +0100 (CET)
Message-ID: <19971219115202.29626@deepo.prosa.dk>
Date: Fri, 19 Dec 1997 11:52:02 +0100
From: Philippe Regnauld
To: freebsd-security@freebsd.org
Subject: Fwd: "StackGuard: Automatic Protection From Stack-smashing Attacks"
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88e
X-Operating-System: FreeBSD 2.2.5-RELEASE i386
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Anybody ever used this? Potential overhead?

-----Forwarded message from Crispin Cowan -----

Date: Thu, 18 Dec 1997 21:34:39 -0800
From: Crispin Cowan
Subject: StackGuard: Automatic Protection From Stack-smashing Attacks
To: BUGTRAQ@NETSPACE.ORG

StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks

StackGuard provides a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day.
Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.

StackGuard is a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries.

StackGuard is intended to protect buggy software against stack smashing attacks, even those attacks that have not yet been discovered. For instance, even though StackGuard was developed prior to the public announcement of the Samba stack smashing vulnerability, the same vulnerable Samba code, when compiled with StackGuard protection, was not vulnerable to the attack.

A paper describing StackGuard will appear in the 1998 USENIX Security Conference. A pre-print of the paper is available (postscript and HTML) here:

http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

Source for the StackGuard-enhanced gcc is also here. This software is available under the usual GPL (GNU Public License) rules.

Security people are invited to download and evaluate StackGuard. StackGuard may be of particular interest to system administrators seeking to protect their hosts from attack. The compiler is very stable; for instance, a StackGuard-enhanced gcc can compile itself correctly. Programs compiled with StackGuard should both compile and link without complaint. However, since this is a first release of StackGuard, I still recommend that privileged software be kept up to date with respect to security announcements.

I am very interested in feedback on StackGuard. Naturally, all the usual feedback is requested (bugs, security vulnerabilities, comments on the design, etc.).
Of *particular* interest are any alarms that StackGuard sets off: if someone attempts to apply a stack-smashing attack to a StackGuard-protected program, the program will halt with an error message instead of yielding a root shell. This message *may* indicate the discovery of a new stack-smashing vulnerability: please report it to me. If your version of the program is current, then you may also wish to report the problem to the author of the program in question.

I wish to thank the many contributors to the BUGTRAQ mailing list. The background information provided by BUGTRAQ was invaluable to this research.

I am aware that there are other stack smashing solutions, and they are described and cited in the paper.

Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science
Oregon Graduate Institute        | Electronically:
Department of Computer Science   |   analog:  503-690-1265
PO Box 91000                     |   digital: crispin@cse.ogi.edu
Portland, OR 97291-1000          |   URL:     http://www.cse.ogi.edu/~crispin/
        Knowledge is to Wisdom as Data is to Code

-----End of forwarded message-----

-- 
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

"Pluto placed his bad dog at the entrance of Hades to keep the dead IN and the living OUT! The archetypical corporate firewall?"
  - S. Kelly Bootle, about Cerberus ["MYTHOLOGY", in Marutukku distrib]
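The announcement above says only that a protected program "halts with an error message instead of yielding a root shell". The mechanism behind that, described in the USENIX paper rather than on this page, is a canary word the compiler places between a function's local buffers and its saved return address, checked in the epilogue before the return executes. The C below is an added example, not StackGuard's code and not part of the original thread: it models one stack frame as a struct (so the overflow stays in defined memory and the demo is deterministic), copies attacker input into the buffer with no bound, and contrasts an unguarded epilogue with a canary-checking one. The frame layout, the fixed canary value, the "legitimate" return address 0x08048400 and the planted address 0xdeadbeef are all constructed assumptions; StackGuard draws its canary at run time rather than using a constant.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A hypothetical stack frame laid out the way a StackGuard-style compiler
 * would: local buffer, then the canary word, then the saved return address.
 * A real frame lives on the machine stack; modelling it as a struct keeps the
 * overflow inside one object and therefore free of undefined behaviour.
 * (Constructed for this example; not StackGuard's actual code.) */
#define BUF_LEN       16
#define CANARY_VALUE  0x5a3c9e17u  /* assumed fixed value; StackGuard picks it per process */
#define LEGIT_RETURN  0x08048400u  /* assumed address of the caller's next instruction */

typedef struct {
    char     buf[BUF_LEN];
    uint32_t canary;
    uint32_t saved_ret;   /* 32-bit slot, matching the i386 hosts in this thread */
} frame_t;

enum outcome { RET_OK = 0, RET_CANARY_TRIPPED = 1 };

/* The buggy callee: a strcpy-style copy into buf with no length check.
 * Copying through the frame pointer models writing past the end of buf into
 * whatever the compiler placed after it. */
static void vulnerable_copy(frame_t *f, const unsigned char *input, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;                      /* stay inside the struct object */
    memcpy((unsigned char *)f, input, len);   /* no check against BUF_LEN */
}

/* Unguarded epilogue: control goes to whatever now sits in saved_ret. */
uint32_t run_unguarded(const unsigned char *input, size_t len)
{
    frame_t f = { {0}, CANARY_VALUE, LEGIT_RETURN };
    vulnerable_copy(&f, input, len);
    return f.saved_ret;
}

/* StackGuard-style epilogue: verify the canary before trusting saved_ret.
 * StackGuard halts the process on a mismatch; here the mismatch is reported
 * and returned as a status so the caller can observe the decision. */
enum outcome run_guarded(const unsigned char *input, size_t len, uint32_t *target)
{
    frame_t f = { {0}, CANARY_VALUE, LEGIT_RETURN };
    vulnerable_copy(&f, input, len);
    if (f.canary != CANARY_VALUE) {
        fprintf(stderr, "stack smashing detected: canary 0x%08x != 0x%08x\n",
                f.canary, CANARY_VALUE);
        *target = 0;                          /* never transfer control */
        return RET_CANARY_TRIPPED;
    }
    *target = f.saved_ret;
    return RET_OK;
}

/* A classic smash (constructed): fill the buffer, run over the canary slot,
 * then plant a new return address.  An attacker who does not know the canary
 * cannot overwrite it with the right value, so the check fires. */
size_t build_attack(unsigned char *out)
{
    uint32_t fake_ret = 0xdeadbeefu;          /* assumed attacker-chosen target */
    memset(out, 'A', BUF_LEN + 4);            /* 16 bytes of buf + 4 bytes over the canary */
    memcpy(out + BUF_LEN + 4, &fake_ret, sizeof fake_ret);
    return BUF_LEN + 8;
}

int main(void)
{
    unsigned char attack[sizeof(frame_t)];
    const unsigned char benign[] = "hello";   /* constructed well-formed input */
    size_t alen = build_attack(attack);
    uint32_t target = 0;
    enum outcome o;

    printf("benign, unguarded: returns to 0x%08x\n", run_unguarded(benign, sizeof benign));
    printf("attack, unguarded: returns to 0x%08x\n", run_unguarded(attack, alen));
    o = run_guarded(attack, alen, &target);
    printf("attack, guarded:   outcome=%d target=0x%08x\n", (int)o, target);
    return 0;
}
```

Two caveats a practitioner would want before reading too much into this: the check only covers the return address (a pointer overwritten elsewhere in the frame, or in the heap, is not detected), and a canary the attacker can read or predict defeats it, which is why the value must be chosen at run time rather than fixed as in this demo.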