Vulnerability Development mailing list archives

Re: stackguard-like embedded protection


From: Crispin Cowan <crispin () WIREX COM>
Date: Sat, 16 Sep 2000 21:52:06 -0700

"Bluefish (P.Magnusson)" wrote:

But I'd wish to point to flaws in the reasoning:
  - Attacker may have "unlimited" time
  - We may entirely be wrong about what system they will use, perhaps
    they implement it on some super computer without modifying the source,
    we assumed "average" hardware only.

The important factor to consider here is that the guesses must run against the
VICTIM's computer.  You don't get to substitute arbitrarily fast hardware and
skoosh down the attack time.

Another factor to consider is that what you're doing in guessing at canary
values is knocking over service daemons on someone's server.  They may notice
that the Foo Daemon (food :-) has re-set itself 19,485 times in the last 9
hours.  If it is a StackGuarded program they're attacking, then syslog will be
STUFFED with failed attempts.

This attack will be noticed LONG before it succeeds.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
                Olympics:  The Corruption Games
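
The detection argument in the message above, sketched as an added example that is not part of the original post: count canary-failure aborts per daemon in a sliding time window and flag the daemon once the count crosses a threshold. The log line wording, the daemon names other than "food", the threshold and the window are all assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format (constructed; not StackGuard's actual message text).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<prog>[\w.-]+)\[\d+\]: "
    r"stack canary violation")

def parse(line, year=2000):
    """Return (timestamp, daemon) for a canary-failure line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one is supplied.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["prog"]

def detect_guessing(lines, threshold=20, window=timedelta(minutes=10)):
    """Map daemon -> time at which `threshold` failures first fell in `window`."""
    recent = defaultdict(deque)   # daemon -> timestamps still inside the window
    alerts = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue              # unrelated log line
        ts, prog = hit
        q = recent[prog]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and prog not in alerts:
            alerts[prog] = ts
    return alerts

def sample_log():
    """Constructed input: 'food' aborts every 2 s, 'bard' aborts once."""
    start = datetime(2000, 9, 16, 12, 0, 0)
    lines = ["Sep 16 11:59:58 host sshd[311]: session opened for user alice",
             "Sep 16 11:59:59 host bard[702]: stack canary violation, aborting"]
    for i in range(30):
        ts = (start + timedelta(seconds=2 * i)).strftime("%b %d %H:%M:%S")
        lines.append(f"{ts} host food[{4100 + i}]: stack canary violation, aborting")
    return lines

if __name__ == "__main__":
    for prog, when in detect_guessing(sample_log()).items():
        print(f"{prog}: repeated canary failures, threshold reached at {when}")
```

A single abort (the "bard" line) stays below the threshold, while the repeated aborts of one daemon trip the alert within the first few dozen attempts.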

