Vulnerability Development mailing list archives

Re: stackguard-like embedded protection


From: Crispin Cowan <crispin () WIREX COM>
Date: Tue, 5 Sep 2000 19:15:03 -0700

typo () INFERNO TUSCULUM EDU wrote:

> On Tue, Sep 05, 2000 at 11:21:20AM +0200, Bluefish (P.Magnusson) wrote:
> > From what I remember from bugtraq, it seems to be quite tricky to provide
> > a good patch to this problem. So I wonder, have any of these tools
> > (ProPolice, libsafe, StackGuard or StackShield) added anything to
> > combat format bugs, or whether it's an active research area.
>
> where's the need for research? i've made glibc rpms without %n the day
> the first format bugs went to bugtraq, and had them installed on all of my
> [linux] machines since then...

Deleting a feature found to be vulnerable is called a "workaround", not a
"solution".  Cursory checking of source code reveals %n being used in at least
these programs:

   * BitchX - an irc client
   * Nedit - a program editor
   * SourceNavigator - a program editor / IDE / Debugger

> does every stupid idea have to be marketed as 'research' nowadays?

And a cheery "greetz" to you, too :-)  I think it is research to come up with a
solution that makes the format class of bugs go away without having to audit or
hack 10 million lines of source code, but I'm strange that way.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
                Olympics:  The Corruption Games
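The disagreement above turns on two facts: %n is a legitimate conversion that real programs rely on (so stripping it from libc is a workaround with collateral damage), and the actual defect is letting untrusted data become the format string. The C below is an added example, not code from this thread, from glibc, or from any of the tools named in it; it shows a legitimate sscanf %n use, and a runtime screen that a logging wrapper could apply to a format string that is not a compile-time literal. The function names, the 32-byte key buffer and the sample inputs are all constructed for the example; the durable fix remains `printf("%s", s)` rather than `printf(s)`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Legitimate %n: after matching "key=", ask sscanf how many characters it
 * consumed so the caller knows where the value starts. Width 31 bounds the
 * write into key[32]. Returns the offset of the value, or -1 on no match. */
int parse_key_prefix(const char *line, char key[32]) {
    int consumed = 0;
    key[0] = '\0';
    /* sscanf counts only assigned conversions, so %n leaves the return at 1;
     * consumed stays 0 if the literal '=' never matched. */
    if (sscanf(line, "%31[^=]=%n", key, &consumed) != 1 || consumed == 0)
        return -1;
    return consumed;
}

/* Runtime screen for a format string that is not a compile-time literal
 * (constructed example, not glibc's own check): walk each '%' directive,
 * honour "%%", skip flags/width/precision/positional '$'/length modifiers,
 * and report whether the conversion character is 'n'. */
bool format_has_n(const char *fmt) {
    static const char modifiers[] = "-+ #0123456789.*$hlLqjzt";
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* "%%": literal percent sign */
            continue;
        while (*p && strchr(modifiers, *p)) /* everything before the conversion */
            p++;
        if (*p == 'n')
            return true;
        if (!*p)                            /* trailing lone '%' */
            break;
    }
    return false;
}

int main(void) {
    char key[32];
    const char *line = "user=alice";        /* constructed input */
    int offset = parse_key_prefix(line, key);
    printf("key=%s, value starts at offset %d\n", key, offset);

    /* Constructed untrusted string; it is printed via "%s", never used as a
     * format, and the screen shows what a wrapper would refuse. */
    const char *untrusted = "%x%x%n";
    printf("%s -> %s\n", untrusted, format_has_n(untrusted) ? "rejected" : "ok");
    return 0;
}
```

The screen is a second line of defence for code paths where a format string must be assembled at runtime (message catalogs, user-configurable log layouts); it does not replace passing user data as an argument rather than as the format.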
