Bugtraq mailing list archives
Re: Libsafe Protecting Critical Elements of Stacks
From: emsi () IT PL (Mariusz Woloszyn)
Date: Thu, 4 May 2000 12:06:21 +0200
On Tue, 25 Apr 2000, Crispin Cowan wrote:
> JEFF PFOHL wrote:
> > Does anyone know anything about this?
> > http://www.bell-labs.com/org/11356/html/security.html
>
> Solar Designer has posted his analysis to the Linux security-audit mailing list http://www2.merton.ox.ac.uk/~security/security-audit-200004/0069.html . Perry Wagle (principal StackGuard developer, cc'd) has written an analysis comparing StackGuard to libsafe (attached). The summary is as follows:
>
>   * Use StackGuard where you can, because it is safer:
>       o Libsafe only wraps selected string library functions. Buffer overflows affecting other library functions or user-written loops will not be protected.
>       o Libsafe attempts to wrap these functions by parsing the stack, but it doesn't always succeed. In particular, libsafe depends on the existence of the frame pointer, and fails when it isn't present, as happens if the code was compiled with -fno_fp, or if the optimizer removed the frame pointer.
>   * Use Libsafe where you cannot use StackGuard, i.e. for binary-only applications.
Most of what we presented in the Phrack article (http://phrack.infonexus.com/search.phtml?view&article=p56-5) works against libsafe, as it protects only the RET value, using the frame pointer to determine the place of local variables.

Is there any compilation time tool (could be lots of macros ;) that uses buffer size declarations to protect against overflows?

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
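An added example, not part of the original post and not code from libsafe or StackGuard: one way a macro can take the bound from the buffer's declaration, as the question above asks, so that a variable next to the buffer stays intact as well as the return address. SAFE_STRCPY, MUST_BE_ARRAY, bounded_strcpy and struct record are hypothetical names, and the array check assumes GCC or Clang (`__typeof__`, `__builtin_types_compatible_p`).

```c
#include <stddef.h>
#include <string.h>

/* Compile-time guard (GCC/Clang extensions, an assumption of this example):
   if `a` is a pointer, sizeof(a) is the pointer size, not the buffer size,
   so the build is refused by forming an array of negative size. */
#define MUST_BE_ARRAY(a) ((void)sizeof(char[1 - 2 * \
    __builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0]))]))

/* Copy src into dst only if it fits including the NUL terminator.
   Returns 0 on success, -1 on rejection (dst becomes the empty string). */
static int bounded_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    while (n < dstsize && src[n] != '\0')
        n++;
    if (n >= dstsize) {              /* no room for the terminator */
        if (dstsize > 0)
            dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* The bound comes from the declaration of dst, not from the caller. */
#define SAFE_STRCPY(dst, src) \
    (MUST_BE_ARRAY(dst), bounded_strcpy((dst), sizeof(dst), (src)))

struct record {                      /* constructed sample layout */
    char name[8];
    unsigned guard;                  /* stands in for an adjacent variable */
};

/* Returns 1 when an oversized copy is rejected and the neighbour is intact. */
static int demo_adjacent_intact(void)
{
    struct record r = { "", 0xC0FFEEu };
    int rc = SAFE_STRCPY(r.name, "much-longer-than-eight-bytes");
    return rc == -1 && r.guard == 0xC0FFEEu && r.name[0] == '\0';
}

int main(void)
{
    return demo_adjacent_intact() ? 0 : 1;
}
```

Passing a `char *` as the destination fails to compile, which is the case where `sizeof` would silently give the wrong bound.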