Vulnerability Development mailing list archives
Re: Anyone looked at the canary stack protection in Win2k3?
From: Mark Feldman <mkfeldman () myway com>
Date: 6 Aug 2003 10:05:18 -0000
In-Reply-To: <000101c34eaa$ecf34a80$0101a8c0@gfserver>

Hi thomas

There is no need for a tool like IDA Pro when you've got source code available under your Visual C++ 7.0 CRT\SRC directory. The security check is enabled by adding the /GS option to the compiler's command line.

These two links will explain Microsoft's stack smashing protection:

http://std.dkuug.dk/JTC1/SC22/WG21/docs/papers/2003/n1462.pdf
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/vctchCompilerSecurityChecksInDepth.asp

Regards,
Mark Feldman <mkfeldman () myway com>
From: "Andrew Thomas" <andrew () generator co za>
To: <vuln-dev () lists securityfocus com>
Subject: Anyone looked at the canary stack protection in Win2k3?
Date: Sun, 20 Jul 2003 12:37:03 +0200

I've looked a bit at a single disassembly that I got (IDA Pro) of the package. It's quite cute that MS have started creating a 'fix' to reduce the probability of programmatic errors in their code having as great an impact as they could.

Any comments on their canary generator? It seems to generate enough randomness, with use of:

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

all nicely xor'ed together. But then again, I am not an expert in these matters.
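
The XOR mixing described in the original question, together with the kind of check that /GS enables, as an added C example that is not part of either message and is not the CRT source. The struct fields, the constructed sample values, the folding of 64-bit values into 32-bit halves and the frame layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the five Win32 values named in the thread (64-bit ones
   split into halves; the 32-bit folding is an assumption of this model). */
struct cookie_sources {
    uint32_t filetime_low, filetime_high; /* GetSystemTimeAsFileTime */
    uint32_t pid;                         /* GetCurrentProcessId */
    uint32_t tid;                         /* GetCurrentThreadId */
    uint32_t tick;                        /* GetTickCount */
    uint32_t perf_low, perf_high;         /* QueryPerformanceCounter */
};

/* Constructed sample values, not captured from a real system. */
static const struct cookie_sources SAMPLE = {
    0x12345678u, 0x01C35C00u, 0x00000A2Cu, 0x00000B10u,
    0x0036EE80u, 0x9ABCDEF0u, 0x00000002u
};

/* XOR all sources together into one 32-bit cookie. */
uint32_t mix_cookie(const struct cookie_sources *s) {
    return s->filetime_low ^ s->filetime_high ^ s->pid ^ s->tid ^
           s->tick ^ s->perf_low ^ s->perf_high;
}

#define BUF_LEN 16

/* Model of a protected frame: a BUF_LEN-byte buffer followed by a copy of
   the cookie. Returns 1 if the copy is intact after the write, 0 if the
   check would fail. */
int write_then_check(uint32_t cookie, const unsigned char *src, size_t n) {
    unsigned char frame[BUF_LEN + sizeof cookie];
    uint32_t seen;
    memcpy(frame + BUF_LEN, &cookie, sizeof cookie); /* entry: store cookie */
    if (n > sizeof frame) n = sizeof frame;          /* keep the model in bounds */
    memcpy(frame, src, n);               /* write not checked against BUF_LEN */
    memcpy(&seen, frame + BUF_LEN, sizeof seen);     /* exit: reload cookie */
    return seen == cookie;
}

int main(void) {
    const unsigned char fill[] = "AAAAAAAAAAAAAAAAAAAA"; /* 20 bytes of 'A' */
    uint32_t cookie = mix_cookie(&SAMPLE);
    printf("cookie = 0x%08X\n", (unsigned)cookie);
    printf("16-byte write passes check: %d\n", write_then_check(cookie, fill, 16));
    printf("20-byte write passes check: %d\n", write_then_check(cookie, fill, 20));
    return 0;
}
```

A write that stays inside the 16-byte buffer leaves the stored copy equal to the cookie; a write that runs past it changes the copy, which is the condition the check at function exit detects.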