Bugtraq mailing list archives
Re: Libsafe Protecting Critical Elements of Stacks
From: andr () NIZHNY RU (Andrey Kolishak)
Date: Wed, 26 Apr 2000 14:55:51 +0400
JP> http://www.bell-labs.com/org/11356/html/security.html
JP> It protects against stack-based attacks (buffer overruns, primarily),
JP> which is the largest percentage of security holes. Easy to setup;
JP> easy to install.

I implemented protection from stack smashing for Windows NT binaries some time ago. As I see it, Bell's protection is based on one of the two techniques used in my protection. But I am very surprised that Bell's version is such a limited implementation of this technique. They didn't use all the possible features of the given method. For example, they limited the vulnerable function list to only the ordinary ones: strcpy, strcat, sprintf and so on. However, there are other potentially vulnerable functions: strncpy, strncat, memcpy etc. Also, it isn't necessary to produce one's own implementation of the vulnerable functions; it is enough to make integrity checks of the local variable frame base, or of the return address situated after this frame base, after the original function call.

In my implementation, patching of the exported vulnerable functions of any DLL is used. Patching of statically linked (not exported) functions of standard C compilers for NT is planned. Test results were very successful. But the protection doesn't work for binaries compiled with some compiler optimization options, when a direct esp-based offset is used instead of an ebp-based offset.

Another technique of my protection is to block calls to exported functions from writable memory areas. This method will allow reliable protection from existing exploits, but not from future exploits that know about the given protection. Also, a universal exploit for every attacked box will not be possible.

--
Andrey Kolishak
mailto:andr () sandy ru
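The post-call integrity check described in the message, modeled on a constructed byte-array "frame" so it runs without corrupting a real stack. This is an added example, not code from the post or from Libsafe; `model_frame`, `checked_call`, the `try_*` helpers and the sample saved-ebp/return values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of an ebp-based x86 frame, low to high addresses:
   [ locals (16) ][ saved ebp (4) ][ return address (4) ][ caller slack ] */
enum { LOCALS = 16, CTRL = 8, SLACK = 40, MODEL = LOCALS + CTRL + SLACK };
struct model_frame { unsigned char mem[MODEL]; };

/* Adapter type so one checker can wrap any copy routine unchanged. */
typedef void (*copy_fn)(unsigned char *dst, const void *src, size_t n);
static void call_strcpy(unsigned char *dst, const void *src, size_t n) {
    (void)n;                                  /* strcpy ignores the length */
    strcpy((char *)dst, (const char *)src);
}
static void call_memcpy(unsigned char *dst, const void *src, size_t n) {
    memcpy(dst, src, n);
}

void frame_init(struct model_frame *f, uint32_t saved_ebp, uint32_t ret) {
    memset(f->mem, 0, MODEL);
    memcpy(f->mem + LOCALS, &saved_ebp, 4);
    memcpy(f->mem + LOCALS + 4, &ret, 4);
}

/* Snapshot the control words, run the original routine, compare afterwards.
   Returns 0 = intact, -1 = frame smashed (a real wrapper would abort here),
   -2 = input refused because it would leave the model array. */
int checked_call(struct model_frame *f, copy_fn fn, const void *src, size_t n) {
    unsigned char before[CTRL];
    if (n > MODEL) return -2;
    memcpy(before, f->mem + LOCALS, CTRL);
    fn(f->mem, src, n);                       /* destination is the locals area */
    return memcmp(before, f->mem + LOCALS, CTRL) == 0 ? 0 : -1;
}

/* Entry points that build a fresh frame with constructed control values. */
int try_strcpy(const char *s) {
    struct model_frame f;
    frame_init(&f, 0xbffff6c8u, 0x08048456u);
    return checked_call(&f, call_strcpy, s, strlen(s) + 1);
}
int try_memcpy(const void *p, size_t n) {
    struct model_frame f;
    frame_init(&f, 0xbffff6c8u, 0x08048456u);
    return checked_call(&f, call_memcpy, p, n);
}
int main(void) {   /* 15 chars fit; 16 chars put the NUL on the saved ebp */
    return !(try_strcpy("AAAAAAAAAAAAAAA") == 0 && try_strcpy("AAAAAAAAAAAAAAAA") == -1);
}
```

The 16-character case is the off-by-one: only the terminating NUL lands on the saved frame pointer, and the comparison still flags it. The same checker wraps `memcpy` without a reimplementation, which is the point the message makes about functions outside the strcpy family.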