Vulnerability Development mailing list archives

Re: stackguard-like embedded protection


From: Benjamin Karas <bjk4 () PO CWRU EDU>
Date: Wed, 6 Sep 2000 00:15:19 -0400

On Tue, 5 Sep 2000 typo () INFERNO TUSCULUM EDU wrote:

> Where's the need for research? I've made glibc rpms without %n the day
> the first format bugs went to bugtraq, and had them installed on all of my
> [linux] machines since then...

I think the idea is that each time we patch against stack overflows,
formatting errors, etc., we are just making cracking harder.  No matter
what we do, if someone types AUTH_SUCCESS where they meant to type
AUTH_FAILURE, there will be a programming error that someone can exploit.
No tool will prevent such an error.

In the end, we are in a race to make it as hard as possible to introduce
an exploitable bug into a program.  That is why tools like StackGuard and
libsafe are still useful, though not complete.  One idea I'm in favor of
is to change the semantics of the library calls to make exploitable errors
more difficult.

Benjamin Karas
bjk4 () po cwru edu
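As an added illustration of the three mitigations named in this thread (a StackGuard-style canary, a libsafe-style bounds-checked library call, and a format string with %n refused), here is a small C program. It is example code written for this archive page, not code from the thread, StackGuard, libsafe or glibc. The canary constant, the `guarded_frame` struct, the function names and all inputs are constructed for the demo; a real StackGuard build uses a per-process random or terminator canary and inserts the check in every function epilogue rather than in a hand-written helper.

```c
/* Added example, not from the thread. Models three mitigations:
 * a canary check, a bounds-checked strcpy, and a %n-free format check. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fixed canary for the demo (an assumption); StackGuard uses a random or
 * terminator value chosen per process so an attacker cannot forge it. */
#define DEMO_CANARY 0x5A3C9F1Eu

/* Models a protected frame: the local buffer sits directly below the
 * canary, so a linear overflow must overwrite the canary first. */
struct guarded_frame {
    char buf[16];
    uint32_t canary;
};

/* The unsafe pattern: copy `len` input bytes into the local buffer with no
 * bounds check. The copy is clamped to the frame so the demo never writes
 * memory it does not own; the canary still reveals whether buf was overrun.
 * Returns 1 if the canary is intact, 0 if it was smashed. */
int copy_then_check_canary(const char *input, size_t len)
{
    struct guarded_frame frame;
    unsigned char *base = (unsigned char *)&frame;

    memset(&frame, 0, sizeof frame);
    frame.canary = DEMO_CANARY;
    if (len > sizeof frame)
        len = sizeof frame;
    memcpy(base, input, len);            /* "strcpy into a local" bug */
    return frame.canary == DEMO_CANARY;  /* the epilogue check StackGuard adds */
}

/* libsafe-style replacement for strcpy: the caller supplies the size of the
 * destination and the copy is refused when it would overrun it.
 * Returns 0 on success, -1 when the copy was refused. */
int guarded_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Convenience wrapper: attempt a guarded copy into a 16-byte local. */
int try_guarded_copy(const char *src)
{
    char dst[16];
    return guarded_strcpy(dst, sizeof dst, src);
}

/* Scan a printf-style format string and report whether it uses %n, the
 * conversion that turns a format-string bug into an arbitrary write.
 * Handles %%, flags, width, precision and length modifiers.
 * Returns 1 if no %n is present, 0 if one is. */
int format_has_no_n(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') { p++; continue; }                 /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;            /* flags */
        while (*p == '*' || (*p >= '0' && *p <= '9')) p++; /* width */
        if (*p == '.') {                                   /* precision */
            p++;
            while (*p == '*' || (*p >= '0' && *p <= '9')) p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;          /* length modifiers */
        if (*p == 'n')
            return 0;
        if (*p == '\0')
            break;
        p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs: 8 bytes fits buf[16], 24 bytes does not. */
    const char short_input[] = "AAAAAAAA";
    const char long_input[]  = "AAAAAAAAAAAAAAAAAAAAAAAA";

    printf("canary intact after short copy: %d\n",
           copy_then_check_canary(short_input, sizeof short_input));
    printf("canary intact after long copy:  %d\n",
           copy_then_check_canary(long_input, sizeof long_input));
    printf("guarded copy of short input: %d\n", try_guarded_copy(short_input));
    printf("guarded copy of long input:  %d\n", try_guarded_copy(long_input));
    printf("\"%%s: %%d\" free of %%n: %d\n", format_has_no_n("%s: %d"));
    printf("\"%%08x%%n\" free of %%n: %d\n", format_has_no_n("%08x%n"));
    return 0;
}
```

The canary helper shows why StackGuard catches a linear overflow but not a targeted write that skips the canary, and the format scanner shows the kind of check a %n-less libc makes unnecessary; neither replaces fixing the bug that passed untrusted data to the call in the first place.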
