Bugtraq mailing list archives
Re: Buffer overflow prevention
From: Crispin Cowan <crispin () immunix com>
Date: Thu, 14 Aug 2003 15:42:41 -0700
Sam Baskinger wrote:
It sounds like array bounds checking would offer an almost equivalent effect. This would not stop mis-casting a struct and referencing out of it or similar casting+address calcuation errors. To prevent that you would need either a language that prevented the production of that sort of code or to solve the halting problem.Array bounds checking offers greater protection than any of these protections (StackGuard, ProPolice, PointGuard, W^X, PAX/ASLR, etc.) The problem is that the very fastest array bounds protection for C (Bounded Pointers) imposes a 5X slowdown on performance, where as these other techniques impose overheat somewhere between noise and 20%. See the comparison chart in the back of the PointGuard paper for a good comparison of these techniques:
"PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities". Crispin Cowan, Steve Beattie, John Johansen and Perry Wagle. To appear at the 12^th USENIX Security Symposium <http://www.usenix.org/events/sec03/>, Washington DC, August 4-8, 2003. Paper <http://immunix.com/%7Ecrispin/pointguard_usenix_security2003.pdf> and Talk <http://immunix.com/%7Ecrispin/pointguard_usenix_security2003.ppt>. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
Current thread:
- Buffer overflow prevention Eygene A. Ryabinkin (Aug 13)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention weigelt (Aug 13)
- Re: Buffer overflow prevention Crispin Cowan (Aug 13)
- Re: Buffer overflow prevention Michal Zalewski (Aug 13)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 15)
- Re: Buffer overflow prevention weigelt (Aug 15)
- Re: Buffer overflow prevention Sam Baskinger (Aug 14)
- Re: Buffer overflow prevention Jonathan A. Zdziarski (Aug 13)
- Re: Buffer overflow prevention Andreas Beck (Aug 14)
- Re: Buffer overflow prevention Jingmin (Jimmy) Zhou (Aug 13)
- Re: Buffer overflow prevention Craig Pratt (Aug 13)
- Re: Buffer overflow prevention Patrick Dolan (Aug 13)
- Re: Buffer overflow prevention Mariusz Woloszyn (Aug 14)
- Re: Buffer overflow prevention Crispin Cowan (Aug 14)
- Re: Buffer overflow prevention Peter Busser (Aug 15)
- <Possible follow-ups>
- RE: Buffer overflow prevention Lance James (Aug 14)
(Thread continues...)
- Re: Buffer overflow prevention Nicholas Weaver (Aug 13)