Firewall Wizards mailing list archives
Re: StackGuard
From: Crispin Cowan <crispin () cse ogi edu>
Date: Thu, 09 Jul 1998 09:24:58 -0700
Joseph S. D. Yao wrote:

>> btw did anybody look at StackGuard close enough to tell if it could be functional on *BSD systems?
>
> The cited Web page mentioned, off-hand, that Linux is "probably" a prerequisite. The compiler README says, more specifically: "I only tested for Redhat Linux 4.2 (linux kernel 2.0.30) on Intel x86's. I don't see much reason for it to care what Unix OS you have (must have signals, printf, syslog, and ... ?), but it definitely won't do anything for non x86 as only x86 instructions are emitted for canaries. The canary library is architecture independant [sic], but might be more sensitive to OS."

As in "we don't have any *BSD systems." No one has ever reported an attempt to use StackGuard on a BSD system to me, so I don't know what will happen. The biggest OS dependency in the compiler on the web page is that it wants to see /dev/urandom. The new version we're preparing to support shared libraries is definitely ELF-specific. The canary-checking code generator needs to know something about ELF to be able to generate relocatable canary-checking code.

> Canaries, for those who didn't get the joke, are explained further in the README. The practice was hardly limited to the Welsh - it was done widely here in the States, too. [Welch is a grape products company, or something cads do with responsibilities, folks!]

And Welsh was spelled correctly in the paper :-) Canary may be a cutesy term, but I think of it as more of an analogy than a joke. StackGuard really does nothing to prevent the attacker's stack smash; it just makes the smash non-exploitable because the victim program checks the canary before it does a function return.

Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
StackGuard: protect your software against Stack Smashing Attack
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
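The canary check described in the message above, as an added example that is not part of the original post and is not StackGuard's generated code: it models one call with a simulated frame, so the overwrite stays inside a struct. The frame layout, the names guarded_call and random_canary, and the SAVED_RET value are assumptions made for illustration.

```c
/* Added illustration: a simulated frame, not StackGuard's generated code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define SAVED_RET 0x08048000u   /* constructed "legitimate" return address */

/* Assumed layout: local buffer, then canary, then saved return address. */
struct frame {
    unsigned char buf[BUF_LEN];
    uint32_t canary;
    uint32_t ret_addr;
};

/* Draw a canary from /dev/urandom, the OS dependency named in the post. */
int random_canary(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    int ok = (fread(out, sizeof *out, 1, f) == 1);
    fclose(f);
    return ok ? 0 : -1;
}

/* One call: prologue, an unchecked copy, then the check before "return".
   Returns 0 and stores the return address, or -1 if the canary changed. */
int guarded_call(uint32_t canary, const unsigned char *src, size_t n,
                 uint32_t *ret_out, int *smashed) {
    struct frame fr;
    fr.canary = canary;                    /* prologue places the canary */
    fr.ret_addr = SAVED_RET;
    if (n > sizeof fr) n = sizeof fr;      /* keep the simulation in bounds */
    memcpy(&fr, src, n);                   /* copy with no length check on buf */
    *smashed = (fr.ret_addr != SAVED_RET); /* the smash itself is not prevented */
    if (fr.canary != canary) return -1;    /* a real program would abort here */
    *ret_out = fr.ret_addr;                /* only now is the address used */
    return 0;
}

int main(void) {
    unsigned char in[sizeof(struct frame)];
    uint32_t canary, ret = 0;
    int smashed = 0;
    if (random_canary(&canary) != 0) return 1;
    memset(in, 'A', sizeof in);            /* constructed oversized input */
    int rc = guarded_call(canary, in, sizeof in, &ret, &smashed);
    printf("rc=%d smashed=%d\n", rc, smashed);
    return 0;
}
```

The oversized input still overwrites the saved return address in the model (smashed is set), but the changed canary is noticed before that address is ever used.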