Bugtraq mailing list archives

Re: fixing all buffer overflows --- random magin numbers

From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Sun, 12 Sep 1999 23:59:43 +0200


On Sat, Sep 11, 1999 at 09:37:00PM -0400, Dr. Joel M. Hoffman wrote:

I was thinking --- it wouldn't be too hard to make buffer overflow
attacks impossible.  The basic idea is to do away with binary
compatibility.

In particular, I was thinking that part of building a kernel would
involve assigning a random number to each syscall, and creating a
syscall.h file with these random numbers.  A binary would only run if
it was compiled with the proper syscall.h, so all binaries would have
to be recompiled for the new kernel, but then, syscall.h could be
removed, and the system would be impervious to buffer overflow
attacks.  (One step further would involve random magic numbers in
every function call.)

I would be happy to give up binary compatilibyt for the added security
it would add.

Comments?


Yaps.

[damn.. shouldn't drink beer when doing bugtraq postings. Well, I'll try my
best]

Your idea poses a problem:
distro-builders can't do binary distro's anymore. _everything_ should be
compiled. No more RPM. No more .deb. That sure would piss off lots of
people. Even RedHat users would have to compile their own kernels.
Also, for non-opensource systems, this would be quite heavy to do.

Also, it might not be effective. How many syscalls does one exploit really
use? Looking at my syscall.h (Linux 2.0.36), they're all under 256. Not
much to brute-force, I'd say.

Ofcourse, anything helps. It'll stop standard exploits. It'll stop
scriptkiddies, even (I like your idea, despite of the problems it creates).

Well.. find someone crazy enough to implement it. I'm curious to the
results:)

Greetz, Peter

--
| 'He broke my heart,      |                              Peter van Dijk |
     I broke his neck'     |                     peter () attic vuurwerk nl |
   nognikz - As the sun    |           nognikz - As the sun    |        Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |

Current thread:

Re: Root shell vixie cron exploit, (continued)
- - Re: Root shell vixie cron exploit Michal Zalewski (Sep 01)
  - Re: Root shell vixie cron exploit John Kennedy (Sep 03)
    - Re: Root shell vixie cron exploit Peter Wemm (Sep 07)
    - Re: Root shell vixie cron exploit Raymond Dijkxhoorn (Sep 07)
  - Re: Root shell vixie cron exploit Christos Zoulas (Sep 03)
  - [security-officer () FreeBSD ORG: FreeBSD-SA-99:01: BSD File Flags and Programming Techniques] Patrick Oonk (Sep 03)
  - Re: Root shell vixie cron exploit Valentin Nechayev (Sep 04)
  - gftp Oscar Haeger (Sep 05)
    - Re: gftp - ms ftp debug mode Bencsath Boldizsar (Sep 08)
    - fixing all buffer overflows --- random magin numbers Dr. Joel M. Hoffman (Sep 11)
    - Re: fixing all buffer overflows --- random magin numbers Peter van Dijk (Sep 12)
    - Re: fixing all buffer overflows --- random magin numbers Eric Hutchinson (Sep 12)
    - Re: fixing all buffer overflows --- random magin numbers Daniel W. Dulitz x108 (Sep 13)
    - Enterprise Overflow Daniel Kerr (Sep 11)
    - Re: gftp - ms ftp debug mode Valentin (Sep 12)
    - Re: gftp - ms ftp debug mode Max Vision (Sep 12)
    - Linux 2.2.12 mini-audit Solar Designer (Sep 13)
    - Vulnerability in dtaction Job de Haas (Sep 13)
    - Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug UNYUN (Sep 12)
    - Accept overflow on Netscape Enterprise Server 3.6 SP2 Nobuo Miwa (Sep 12)
  - COM and Windows 2000 Mnemonix (Sep 05)

(Thread continues...)