Bugtraq mailing list archives
Re: Future of buffer overflows ?
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 30 Oct 2000 19:52:17 +0100
On Mon, 30 Oct 2000, Thomas Dullien wrote:
> Well, I assume you all have read the PaX paper at pageexec.virtualave.net. So it is possible to have readable, non-executable memory pages, at a not too bad performance hit of up to 10%. This is very cool. The traditional ways of exploiting buffer overruns and format string vulnerabilities are pretty much non-functional if the OS kernel can ensure no writable page can be executed. Does this mean buffer overflows and format string vulnerabilities are dead?
Code is always executable. The traditional function calling convention uses the stack to pass function parameters. Stack overwrite vulnerabilities are not dead as long as the stack is used to store local buffer variables and there is no range checking. The same applies to heap buffer overflows. There is no need to execute code passed on the stack. It is just the simplest and most accurate way. All techniques - libsafe, StackGuard, PaX, etc - are still only workarounds, not solutions.

You might want to take a look at http://agt.buka.org - our almost completed new approach to programming in untrusted, distributed environments. Code will be released in a few days, and right now you might want to read the concepts :)
> So it raises the bar for us all :) but just might make writing exploits an interesting business again.
:) Thank god.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
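Added example, not part of the original message or of any project it mentions: a C illustration of the reply's point that a missing range check is the defect and that nothing written to the buffer has to be executed. The `struct frame` layout, the function names and the input are constructed for illustration; plain filler bytes change an adjacent flag, which non-executable pages do not prevent, while the range-checked copy leaves it intact.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack frame: a local buffer followed by a
 * security-relevant local. Kept in one struct so the overwrite below stays
 * inside a single object and the demo is well-defined C. */
struct frame {
    char name[16];
    int  authorized;
};

/* No range checking: copies n bytes starting at the buffer. */
static void fill_unchecked(struct frame *f, const void *in, size_t n)
{
    memcpy((unsigned char *)f + offsetof(struct frame, name), in, n);
}

/* Range-checked: rejects input that does not fit in name[]. */
static int fill_checked(struct frame *f, const void *in, size_t n)
{
    if (n > sizeof f->name)
        return -1;
    memcpy(f->name, in, n);
    return 0;
}

/* Value of 'authorized' after an oversized copy (checked: 0 = no, 1 = yes). */
int authorized_after_oversized_input(int checked)
{
    unsigned char input[sizeof(struct frame)];  /* constructed input */
    struct frame f;

    memset(&f, 0, sizeof f);
    memset(input, 'A', sizeof input);           /* filler bytes, no code */
    if (checked)
        (void)fill_checked(&f, input, sizeof input);
    else
        fill_unchecked(&f, input, sizeof input);
    return f.authorized;
}

int main(void)
{
    printf("unchecked: %#x\n", (unsigned)authorized_after_oversized_input(0));
    printf("checked:   %#x\n", (unsigned)authorized_after_oversized_input(1));
    return 0;
}
```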