Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Stephen Clowater <steve () stevesworld hopto org>
Date: Thu, 14 Aug 2003 14:12:14 -0300
On August 14, 2003 06:44 am, Mariusz Woloszyn wrote:
> On Wed, 13 Aug 2003, Patrick Dolan wrote:
>> There is a flag for the Gnu C/C++ compilers, -fstack-protector, that will implement ProPolice stack protection. It should prevent stack smashing techniques.
>
> ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/) is a great tool that not only protects the return address on the stack, but also changes the order of local variables and protects the function arguments! It's a way better protector than StackGuard and is way more efficient than a "two stack approach", providing _almost_ as good protection, which sometimes is even better!!![1]
GRsecurity is a kernel patch which allows such things as random memory-allocation bases and randomized TCP stacks, as well as a non-executable stack if you can manage this (not to mention a utility to change the PaX flags for individual binaries that may need an executable stack). This would work much better because it doesn't need to be compiled into anything but the kernel.

If you turn on GRsecurity's randomizations for memory addresses and TCP stacks (which I have tested; you can do this safely without breaking any software), then an attacker trying to overflow a return address has a 1 in 2^32 chance of the exploit actually overflowing the address. You can do this and not have any impact on speed, and all of your software is protected to this level without having to recompile with a gcc flag.

Also, you can use chpax and turn on a non-executable stack, and with a small amount of voodoo (tracking down the binaries and .so's that need the stack, which typically is only a single binary or .so file, which you can find with ptrace, strace, or ltrace) you can have all of your stuff run with a non-executable stack, thus making stack smashing impossible. Nothing can execute off your stack, so a malicious person can overwrite all the addresses he wants; his code can't run off your stack.

This can be implemented even on desktop machines. My desktop Gentoo Linux box (from which I'm writing this mail) runs X, KDE, VMware, MPlayer, Java, and Wine all with a non-executable stack on. Although you will have to make a few amendments to the C code in the .wmv codecs in MPlayer in order to get them to run.
> [1]: it protects the local variables (pointers) and function arguments, which neither StackGuard nor StackShield ("two stack approach") do.
>
> --
> Mariusz Wołoszyn
> Internet Security Specialist, GTS - Internet Partners
--
*****************************************************************************
* Stephen Clowater
Farnsworth: Oh my God!!
Fry: What is it?
Farnsworth: It's..It's...It's my new pager!

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){
#ifdef _REALITY_
    char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? /dev/null:/dev/random);
#endif
#ifdef _POLITICALY_CORRECT_
    char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif
#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
    cout << "Sending Income Data From Hard Drive Now!\n";
    System("dd if=/dev/urandom of=/dev/hda");
#endif
    return Meaning_of_your_life;
}
*****************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/O8KocyHa6bMWAzYRAo+QAJ9TTVGLFnE1rJcJSQ/cu4eB3GPwlACgjEdN
8GASTM53VqWsB5CueRj1LkQ=
=2qSZ
-----END PGP SIGNATURE-----
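Editor's added example, not part of Stephen's message and not code from GRsecurity, PaX or chpax: the check a practitioner would want when hunting for the few binaries and .so files that still demand an executable stack. Instead of tracing each program, read the ELF PT_GNU_STACK program header, which is where the toolchain records whether an object wants its stack mapped executable (PF_X set), non-executable, or says nothing at all. The ELF64 structure definitions are typed out here so the example builds without <elf.h>; it assumes a little-endian host such as x86-64 reading little-endian files, and the sample image it classifies in `sample_stack_kind` is constructed in memory, not a real binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 definitions (standard layout), written out so the example
 * does not depend on <elf.h>. */
typedef struct {
    unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;                                   /* 64 bytes */
typedef struct {
    uint32_t p_type, p_flags; uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;                                   /* 56 bytes */
#define PT_GNU_STACK 0x6474e551u            /* GNU extension: requested stack permissions */
#define PF_X 1u
#define PF_W 2u
#define PF_R 4u

enum stack_kind { STACK_BAD = -1, STACK_NOEXEC = 0, STACK_EXEC = 1, STACK_UNMARKED = 2 };
static const char *const kind_names[] = { "not-elf64", "noexec", "EXECSTACK", "unmarked" };

/* Classify an ELF64 image held in memory. Assumes a little-endian host
 * (x86-64) reading a little-endian file; no byte swapping is done. */
int elf64_stack_kind(const unsigned char *buf, size_t len)
{
    ehdr64 eh;
    if (len < sizeof eh) return STACK_BAD;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7fELF", 4) != 0) return STACK_BAD;
    if (eh.e_ident[4] != 2 || eh.e_ident[5] != 1) return STACK_BAD;   /* ELFCLASS64, ELFDATA2LSB */
    if (eh.e_phentsize != sizeof(phdr64)) return STACK_BAD;
    /* Bounds-check the program header table before walking it, so a crafted
     * header cannot make this tool read past the buffer. */
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * sizeof(phdr64) > len - eh.e_phoff)
        return STACK_BAD;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? STACK_EXEC : STACK_NOEXEC;
    }
    /* No PT_GNU_STACK at all: the loader falls back to its default, which on
     * 32-bit x86 Linux historically meant an executable stack, so report it separately. */
    return STACK_UNMARKED;
}

/* Read the first 64 KiB of a file (the headers sit at the front of any normal
 * binary) and classify it. */
int elf64_stack_kind_file(const char *path)
{
    unsigned char buf[65536];
    FILE *f = fopen(path, "rb");
    if (!f) return STACK_BAD;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return elf64_stack_kind(buf, n);
}

/* Constructed sample for testing: a bare ELF64 header plus, optionally, one
 * PT_GNU_STACK entry carrying the given flags. Not a loadable binary. */
size_t build_sample_elf(unsigned char *out, size_t cap, uint32_t stack_flags, int with_stack_phdr)
{
    ehdr64 eh; phdr64 ph;
    size_t total = sizeof eh + (with_stack_phdr ? sizeof ph : 0);
    if (cap < total) return 0;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, "\x7fELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;      /* 64-bit, LSB, version 1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;           /* ET_EXEC, EM_X86_64 */
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = with_stack_phdr ? 1 : 0;
    memcpy(out, &eh, sizeof eh);
    if (with_stack_phdr) {
        memset(&ph, 0, sizeof ph);
        ph.p_type = PT_GNU_STACK; ph.p_flags = stack_flags; ph.p_align = 16;
        memcpy(out + sizeof eh, &ph, sizeof ph);
    }
    return total;
}

/* Build a constructed sample and classify it in one step. */
int sample_stack_kind(uint32_t stack_flags, int with_stack_phdr)
{
    unsigned char img[128];
    size_t n = build_sample_elf(img, sizeof img, stack_flags, with_stack_phdr);
    return n ? elf64_stack_kind(img, n) : STACK_BAD;
}

/* Usage: ./stackcheck /usr/bin/* /usr/lib/*.so* ; lines marked EXECSTACK are
 * the objects that would need an executable-stack exception. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%-10s %s\n", kind_names[elf64_stack_kind_file(argv[i]) + 1], argv[i]);
    return 0;
}
```

The same information is what `readelf -lW` prints on its GNU_STACK line (RWE versus RW), and what `execstack -q` from the prelink package reports; the point of the in-memory parser is to show exactly which bytes decide the outcome, and to make the bounds check explicit, since a tool that scans untrusted binaries must not itself be corruptible by a malformed header.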
Current thread:
- Re: Buffer overflow prevention, (continued)
- Re: Buffer overflow prevention Andreas Beck (Aug 14)
- Re: Buffer overflow prevention Jingmin (Jimmy) Zhou (Aug 13)
- Re: Buffer overflow prevention Craig Pratt (Aug 13)
- Re: Buffer overflow prevention Patrick Dolan (Aug 13)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- RE: Buffer overflow prevention Lance James (Aug 14)
- Re: Buffer overflow prevention Patrick Dolan (Aug 14)
- Re: Buffer overflow prevention Jedi/Sector One (Aug 14)
- Re: Buffer overflow prevention Stephen Clowater (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- Re: Buffer overflow prevention Solar Designer (Aug 15)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
- Re: Buffer overflow prevention Theo de Raadt (Aug 14)
- Re: Buffer overflow prevention Matt D. Harris (Aug 14)
- Re: Buffer overflow prevention sauron (Aug 14)
- Re: Buffer overflow prevention Timo Sirainen (Aug 14)
- Re: Buffer overflow prevention Jedi/Sector One (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- Re: Buffer overflow prevention Theo de Raadt (Aug 14)
- Re: Buffer overflow prevention Jedi/Sector One (Aug 14)