Bugtraq mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: "Greg A. Woods" <woods () weird com>
Date: Tue, 25 Jul 2000 13:20:55 -0400
[ On Monday, July 24, 2000 at 14:51:43 (-0300), Gerardo Richarte wrote: ]
> Subject: Re: StackGuard with ... Re: [Paper] Format bugs.
>
> You don't need the number of arguments nor their types, you only need how much space they take from the stack (the same number that is subtracted from stack pointer after returning from a call).

Well if all you want to do is make sure you don't read past the end of the stack frame when accessing your parameters.... You might be able to do that a lot more simply with a sophisticated enough MMU, which aside from the fact it doesn't use hardware is, in some respects, what I gather StackGuard does (it does integrity checks on "canaries" littered through the stack frame after the fact rather than directly preventing unauthorised access to the stack frame).

> It's true that something must be changed, but I don't think it to be too deep, isn't there already a special treatment for <stdarg.h>'s functions? All that needs to be added is pushing the number of bytes args are taking from stack as first argument, and then add some [C] code in <stdarg.h>'s functions. Am I wrong? In short: you don't need to know anything about types, and I'm pretty sure that, if you are not trying to do strange things, it'll not break any functionality.

Oh, on the contrary! In a loosely typed language with pointers, like C, you do need to know the type of each parameter so that you don't fall victim to other types of attacks.

--
Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
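
The two positions in this exchange, modelled side by side as an added example that is not part of either poster's message or of any real `<stdarg.h>`. It assumes i386 cdecl stack slots (int and pointers 4 bytes, double 8) and plain conversions without flags or widths; `check_by_size`, `check_by_type` and the one-letter type tags are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Assumed model: i386 cdecl stack slots (int and pointers 4 bytes, double 8). */
static size_t slot_size(char tag) { return tag == 'f' ? 8 : 4; }

/* Type tag a plain printf conversion expects: i=int, f=double, s=char*, n=int*. */
static char conv_tag(char c)
{
    if (c == '\0') return 0;                 /* strchr would match the NUL */
    if (strchr("dixXuc", c)) return 'i';
    if (strchr("feg", c)) return 'f';
    return (c == 's' || c == 'n') ? c : 0;   /* 0 = conversion not modelled */
}

/* Collect the tags fmt expects (no flags or widths); returns count or -1. */
static int expected_tags(const char *fmt, char *tags, size_t cap)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;             /* literal percent sign */
        char t = conv_tag(*p);
        if (t == 0 || n == cap) return -1;
        tags[n++] = t;
    }
    return (int)n;
}

/* Byte-count check: only the total size of the pushed arguments is known. */
int check_by_size(const char *fmt, size_t pushed_bytes)
{
    char tags[32];
    size_t need = 0;
    int n = expected_tags(fmt, tags, sizeof tags);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++) need += slot_size(tags[i]);
    return need <= pushed_bytes ? 0 : -1;    /* 0 = accept, -1 = reject */
}

/* Type check: passed holds one tag per argument the caller really pushed. */
int check_by_type(const char *fmt, const char *passed)
{
    char tags[32];
    int n = expected_tags(fmt, tags, sizeof tags);
    if (n < 0 || (size_t)n > strlen(passed)) return -1;
    return strncmp(tags, passed, (size_t)n) == 0 ? 0 : -1;
}
```

In this model the byte count rejects `"%x%x%x%x"` called with no arguments, but accepts `"%s"` when the single 4-byte argument was an int; only the per-argument type comparison rejects that call.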