Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Crispin Cowan <crispin () WIREX COM>
Date: Sat, 16 Sep 2000 21:52:06 -0700
"Bluefish (P.Magnusson)" wrote:
But I'd wish to point to a flaws in the reasoning: - Attacker may have "unlimited" time - We may entirely be wrong about what system they will be use, perhaps they implement it on some super computer without modifying the source, we assumed "avarage" hardware only.
The important factor to consider here is that the guesses must run against the VICTIM's computer. You don't get to substitute arbitrarily fast hardware and skoosh down the attack time. Another factor to consider is that what you're doing in guessing at canary values is knocking over service daemons on someone's server. They may notice that the Foo Daemon (food :-) has re-set itself 19,485 times in the last 9 hours. If it is a StackGuarded program they're attacking, then syslog will be STUFFED with failed attempts. This attack will be noticed LONG before it succeeds. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org Olympics: The Corruption Games
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection typo (Sep 07)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 08)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 16)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 16)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 17)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 18)
- The much popular t0rnkit. Masial (Sep 17)
- Re: The much popular t0rnkit. Neil Sequeira (Sep 19)
- Re: stackguard-like embedded protection antirez (Sep 13)