Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Benjamin Karas <bjk4 () PO CWRU EDU>
Date: Wed, 6 Sep 2000 00:15:19 -0400
On Tue, 5 Sep 2000 typo () INFERNO TUSCULUM EDU wrote:
where's the need for research? i've made glibc rpms without %n the day the first format bugs went to bugtraq, and had them installed on all of my [linux] machines since then...
I think the idea is that each time we patch against stack overflows, formatting errors, etc., we are just making cracking harder. No matter what we do, if someone types AUTH_SUCCESS where they meant to type AUTH_FAILURE, there will be a programming error that someone can exploit. No tool will prevent such an error. In the end, we are in a race to make it as hard as possible to introduce an exploitable bug into a program. That is why tools like StackGuard and libsafe are still useful, though not complete. One idea I'm in favor of is to change the semantics of the library calls to make exploitable errors more difficult. Benjamin Karas bjk4 () po cwru edu
Current thread:
- stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection antirez (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection typo (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection Benjamin Karas (Sep 05)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection Juliano Rizzo (Sep 06)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection H D Moore (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Slawek (Sep 07)
- Re: stackguard-like embedded protection antirez (Sep 04)