Bugtraq mailing list archives
StackGuard-protected Linux and a New StackGuard Compiler
From: crispin () CSE OGI EDU (Crispin Cowan)
Date: Thu, 27 Aug 1998 22:26:54 -0700
StackGuard is a compiler to protect programs against stack smashing attacks. When stack smashing exploits are deployed against StackGuard-protected programs, the protected program halts and logs the attack attempt in syslog, rather than yield control to the attacker's code.

This post is to announce a new release of StackGuard, providing better performance, and support for shared libraries. We have re-compiled the entire set of programs and libraries provided in the Red Hat 5.1 distribution. In addition to providing the compiler, we are also providing these protected programs and libraries in the form of binary RPMs on our server:

http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

These 526 RPMs are drop-in replacements for the RPMs provided by Red Hat, except that stack smashing is no longer an alternative means of getting into the box when you forget the root password :-) There are a few other errata covered in the README.SG file.

Note that StackGuard-protected programs are inter-operable with un-protected shared libraries, and StackGuard-protected libraries are inter-operable with un-protected programs. This is a mixed blessing: on one hand, it means that if you are concerned with glibc vulnerabilities, you need only install the StackGuard-protected glibc RPM. On the other hand, if you are concerned with all shared library vulnerabilities, the unprotected libraries will still function with your new StackGuard-protected programs, and so you must be careful to install all libraries used by all programs that you wish to protect.

The source code used for the re-build is the source code provided by ftp.redhat.com as of July 13, 1998. There were a small number of changes that we had to make to the source to successfully re-build it, documented in README.SG.

The StackGuard compiler itself is an enhancement to gcc 2.7.2.3, and for the most part is a drop-in replacement for gcc. The one major caveat is that StackGuard protection must be turned OFF to build the Linux kernel. This is because the kernel knows what a function activation record looks like to do context switching, and StackGuard changes the format of an activation record to do the integrity check.

The support for shared libraries and the enhanced performance are enabled by an enhancement originally proposed by der Mouse, to the effect that a null next to a value is not possible to overflow undetected, because string ops terminate on null. However, some string operations actually do copy through nulls, such as gets(). We have enhanced der Mouse's technique so that the integrity word is a combination of Null, CR, LF, and -1, which should cover the range of termination symbols for C string operations.

A paper describing StackGuard appeared at the 1998 USENIX Security Conference. The paper is also on our web page.

Naturally, we would appreciate feedback on either security or functionality problems with any of the RPMs that we have provided.

Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
StackGuard: protect your software against Stack Smashing Attack
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
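
The reasoning behind the combined integrity word, as an added example (not part of the original post and not StackGuard's code): a simulated frame is filled by a model copy routine that stops at one terminator, and the check reports whether the saved return slot can change while the word still compares equal. The frame layout, the byte order of the word, and the names `model_copy` and `undetected` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simulated frame: [ buf | integrity word | saved return ]. Layout and byte
 * order of the word are assumptions for illustration, not StackGuard's. */
enum { BUF = 8, CAN = 4, RET = 4, FRAME = BUF + CAN + RET };

static const unsigned char NULL_WORD[CAN] = {0x00, 0x00, 0x00, 0x00};
static const unsigned char TERM_WORD[CAN] = {0x00, 0x0D, 0x0A, 0xFF};

/* Model of an unbounded string copy: bytes are stored until `stop` is seen,
 * then a NUL is stored in its place (strcpy: stop = NUL, gets: stop = LF).
 * The model never writes outside the simulated frame. */
static void model_copy(unsigned char *frame, const unsigned char *in,
                       size_t n, unsigned char stop)
{
    size_t i = 0;
    while (i < n && i < FRAME - 1 && in[i] != stop) {
        frame[i] = in[i];
        i++;
    }
    frame[i] = 0x00;
}

/* Returns 1 if an input that replays the integrity word changes the saved
 * return slot while the word still compares equal (overflow undetected). */
static int undetected(const unsigned char *word, unsigned char stop)
{
    unsigned char frame[FRAME], in[FRAME];
    memset(frame, 0, BUF);
    memcpy(frame + BUF, word, CAN);
    memset(frame + BUF + CAN, 0x11, RET);   /* original return value */

    memset(in, 'A', BUF);                   /* constructed oversized input */
    memcpy(in + BUF, word, CAN);            /* replayed integrity word */
    memset(in + BUF + CAN, 0x42, RET);      /* replacement return value */

    model_copy(frame, in, FRAME, stop);
    return memcmp(frame + BUF, word, CAN) == 0 && frame[BUF + CAN] != 0x11;
}

int main(void)
{
    const unsigned char stops[] = {0x00, 0x0D, 0x0A, 0xFF};
    for (size_t i = 0; i < sizeof stops; i++)
        printf("stop=0x%02X null-word:%d combined-word:%d\n", stops[i],
               undetected(NULL_WORD, stops[i]), undetected(TERM_WORD, stops[i]));
    return 0;
}
```

An all-null word holds only against the copy that stops at NUL; the combined word holds against all four modelled terminators because every such copy either stops before the return slot or alters one byte of the word.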