Full Disclosure mailing list archives

Re: Bypassing the new /GS protection in VC++ 7.1


From: trains () doctorunix com
Date: Fri, 19 Aug 2005 06:49:20 -0500

Quoting Valdis.Kletnieks () vt edu:

On Fri, 19 Aug 2005 12:17:25 +0800, leaf said:
Hey,
Buffer overflows will be harder and harder. Maybe game is over.

The game will never be over.  The best you can hope for is to find a
cost-effective way to raise the bar high enough to keep the likelihood
that you'll get hacked down to an acceptable level.

There are a hundred (or more) ways to exploit a system. Even if /GS is 100% effective at preventing an executable stack segment, it simply means that one of the hundred openings is closed.

Buffer overruns will probably exist in some other DLL on the system and that will become the new infection vector.

I think it's a good thing, but it's a very tiny step. I have been a systems programmer for more than 30 years, and I try to make my code as secure as possible. The code I wrote 15 years ago is probably completely exploitable by buffer overruns and who knows what else. The code I wrote last month would be much more difficult.

Consider this: The program that has no buffer overrun vulnerabilities got that way because a programmer cared enough and was skilled enough to do it right. What the /GS suggests (I am not on V7 yet, so I don't have first-hand experience here) is that any slacker can cobble together a poorly conceived interface with no input checking and super weak security-by-obscurity, bloated cookies loaded with personal info, and still sleep nights knowing that his app is invulnerable.

Sounds good to me. By the way, if I do eventually upgrade to 7 I intend to figure out how to exploit the /GS, just 'cause I think it's cool.

tc

-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact:    services () doctorunix com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
