Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Crispin Cowan <crispin () WIREX COM>
Date: Tue, 5 Sep 2000 19:15:03 -0700
typo () INFERNO TUSCULUM EDU wrote:
On Tue, Sep 05, 2000 at 11:21:20AM +0200, Bluefish (P.Magnusson) wrote:From what I remember from bugtraq, it seems to be quite tricky to providea good patch to this problem. So I wonder, has any of these tools (ProPolice, libsafe, StackGuard or StackShield) added anything to combat formatation bugs, or if it's an active research area.where's the need for research? i've made glibc rpms without %n the day the first format bugs went to bugtraq, and had them installed on all of my [linux] machines since then...
Deleting a feature found to be vulnerable is called a "workaround", not a "solution". Cursory checking of source code reveals %n being used in at least these programs: * BitchX - an irc client * Nedit - a program editor * SourceNavigator - a program editor / IDE / Debugger
does every stupid idea have to be marketed as 'research' nowadays?
And a cheery "greetz" to you, too :-) I think it is research to come up with a solution that makes the format class of bugs go away without having to audit or hack 10 million lines of source code, but I'm strange that way. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org Olympics: The Corruption Games
Current thread:
- stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection antirez (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection typo (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection Benjamin Karas (Sep 05)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection Juliano Rizzo (Sep 06)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection H D Moore (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Slawek (Sep 07)
- Re: stackguard-like embedded protection antirez (Sep 04)