Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Thu, 14 Aug 2003 11:44:13 +0200 (EEST)
On Wed, 13 Aug 2003, Patrick Dolan wrote:

> There is a flag for the GNU C/C++ compilers, -fstack-protector, that will implement ProPolice stack protection. It should prevent stack smashing techniques.

ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/) is a great tool that not only protects the return address on the stack, but also changes the order of local variables and protects the function arguments! It's a way better protector than StackGuard and is way more efficient than a "two stack approach", providing _almost_ as good protection, which sometimes is even better!!![1]

[1]: it protects the local variables (pointer) and function arguments, which neither StackGuard nor StackShield ("two stack approach") do.

--
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners
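The difference the message's footnote points at, as a small model added here for illustration (not code from the message or from ProPolice): a frame is a flat byte array, and the same over-long write is run against a guard-only layout and a layout with the local pointer moved below the buffer. All offsets, sizes and marker values are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only: offsets, sizes and marker values are assumptions chosen for
   illustration, not what any compiler emits. */
enum { SLOT = 8, BUF = 16, FRAME = 40 };

/* Higher offset = closer to the return address, the direction a copy runs. */
struct layout { size_t ptr, buf, guard, ret; };
/* Guard before the return address, locals left in declaration order. */
static const struct layout GUARD_ONLY = { .buf = 0, .ptr = 16, .guard = 24, .ret = 32 };
/* Reordered as the message describes: the pointer sits below the buffer. */
static const struct layout REORDERED = { .ptr = 0, .buf = 8, .guard = 24, .ret = 32 };

struct outcome { int ptr_intact, guard_intact, ret_intact; };

static const uint64_t PTR_VAL = 0x1111111111111111ULL;
static const uint64_t GUARD_VAL = 0x2222222222222222ULL;
static const uint64_t RET_VAL = 0x3333333333333333ULL;

static int slot_is(const unsigned char *frame, size_t off, uint64_t want)
{
    return memcmp(frame + off, &want, SLOT) == 0;
}

/* Fill the frame, run an unchecked write of write_len bytes at the buffer,
   then report which slots survived; guard_intact is the epilogue's check. */
static struct outcome simulate(const struct layout *l, size_t write_len)
{
    unsigned char frame[FRAME] = {0};
    struct outcome o;
    memcpy(frame + l->ptr, &PTR_VAL, SLOT);
    memcpy(frame + l->guard, &GUARD_VAL, SLOT);
    memcpy(frame + l->ret, &RET_VAL, SLOT);
    if (write_len > FRAME - l->buf)          /* keep the model in bounds */
        write_len = FRAME - l->buf;
    memset(frame + l->buf, 'A', write_len);
    o.ptr_intact = slot_is(frame, l->ptr, PTR_VAL);
    o.guard_intact = slot_is(frame, l->guard, GUARD_VAL);
    o.ret_intact = slot_is(frame, l->ret, RET_VAL);
    return o;
}

int main(void)
{
    struct outcome a = simulate(&GUARD_ONLY, BUF + SLOT), b = simulate(&REORDERED, BUF + SLOT);
    printf("guard only: ptr=%d guard=%d ret=%d\n", a.ptr_intact, a.guard_intact, a.ret_intact);
    printf("reordered:  ptr=%d guard=%d ret=%d\n", b.ptr_intact, b.guard_intact, b.ret_intact);
    return 0;
}
```

With a write one slot past the buffer, the guard-only layout loses the pointer while its guard still passes; in the reordered layout the same write trips the guard and the pointer is untouched.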