Vulnerability Development mailing list archives

Re: stackguard-like embedded protection


From: Juliano Rizzo <jrz () MAIL RU>
Date: Wed, 6 Sep 2000 13:38:29 -0300

Date sent:              Tue, 5 Sep 2000 17:09:20 +0200
Send reply to:          typo () INFERNO TUSCULUM EDU
From:                   typo () INFERNO TUSCULUM EDU
Subject:                Re: stackguard-like embedded protection
Originally to:          "Bluefish (P.Magnusson)" <11a () GMX NET>
To:                     VULN-DEV () SECURITYFOCUS COM

[..]
where's the need for research? i've made glibc rpms without %n the day
the first format bugs went to bugtraq, and had them installed on all of my
[linux] machines since then...

You didn't fix the whole problem in that way.
Did you patch the glibc's printf internal overflows?
Did you delete the %s functionality too? How do you protect from
exploiting format strings to read data from memory?
Doesn't any program use the %n or %hn?

That could be an "emergency fix", not a real solution.

does every stupid idea have to be marketed as 'research' nowadays?

--
Juliano Rizzo <juliano () core-sdi com>
http://www.core-sdi.com

julianor.tripod.com
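
The point of the reply above, as an added example that is not part of the original post: a small C audit routine that classifies the printf directives in an untrusted string, showing that input with no %n or %hn can still carry %s and %x reads, next to the call-site fix of passing untrusted text as an argument. The names `audit_format` and `log_untrusted` and the sample string are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Tally of printf conversion directives found in an untrusted string. */
struct fmt_audit {
    int writes; /* %n, %hn: store through a pointer argument */
    int derefs; /* %s: follow an argument as a pointer and read memory */
    int values; /* %x, %d, %p, ...: print argument values */
};

/* Walk the string as printf would: %[pos$][flags][width][.prec][length]conv */
struct fmt_audit audit_format(const char *s)
{
    struct fmt_audit a = {0, 0, 0};
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }     /* "%%" is a literal percent */
        s += strspn(s, "0123456789$-+ #'*."); /* position, flags, width, precision */
        s += strspn(s, "hlLqjzt");            /* length modifiers, e.g. the h in %hn */
        if (*s == '\0') break;                /* truncated directive at end of input */
        if (*s == 'n') a.writes++;
        else if (*s == 's') a.derefs++;
        else if (strchr("diouxXeEfFgGaAcp", *s)) a.values++;
        s++;
    }
    return a;
}

/* Hardened call site: untrusted text is only ever an argument, never the format. */
int log_untrusted(char *out, size_t len, const char *msg)
{
    return snprintf(out, len, "%s", msg);
}

int main(void)
{
    const char *input = "user=%08x.%08x.%s"; /* constructed sample input */
    struct fmt_audit a = audit_format(input);
    char line[64];

    printf("writes=%d derefs=%d values=%d\n", a.writes, a.derefs, a.values);
    log_untrusted(line, sizeof line, input);
    puts(line); /* directives come out as inert text */
    return 0;
}
```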

