From owner-freebsd-hackers Tue Feb 4 12:24: 8 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DAC837B401 for ; Tue, 4 Feb 2003 12:24:07 -0800 (PST) Received: from kientzle.com (h-66-166-149-50.SNVACAID.covad.net [66.166.149.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF7B843F93 for ; Tue, 4 Feb 2003 12:24:05 -0800 (PST) (envelope-from kientzle@acm.org) Received: from acm.org (big.x.kientzle.com [66.166.149.54]) by kientzle.com (8.11.3/8.11.3) with ESMTP id h14KNsp03894; Tue, 4 Feb 2003 12:23:54 -0800 (PST) (envelope-from kientzle@acm.org) Message-ID: <3E40215A.4050207@acm.org> Date: Tue, 04 Feb 2003 12:23:54 -0800 From: Tim Kientzle Reply-To: kientzle@acm.org User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.6) Gecko/20011206 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Justin Lundy Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: [eugene@securityarchitects.com: Re: Preventing exploitation with rebasing] References: <20030204195114.GA92636@cvs.tegatai.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Justin Lundy wrote: > "Add a possibility to add a random offset to the stack on exec. This makes > it slightly harder to write generic buffer overflows. This doesn't really > give any real security, but it raises the bar for script-kiddies and it's > really cheap. This idea can also be used within applications. Just use alloca() to randomize the stack location. No kernel changes needed. There are more portable ways to do this, of course, for those who dislike alloca. Tim Kientzle To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message