Vulnerability Development mailing list archives

Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)


From: William Robertson <wkr () cs ucsb edu>
Date: Tue, 20 May 2003 00:09:10 -0700

On 16 May 2003, xenophi1e [oliver.lavery () sympatico ca] wrote:
| There are probably better schemes, but this has the nice property of
| being something you could retrofit without breaking the world. Well, at
| least something you could kinda retrofit if it weren't for some nasty
| implementation details. Are there any products like StackGuard that do
| something like this?
| 
| Cheers,
| ~x

My apologies for jumping into this thread so late, but I'm still catching
up on my list mail after being out of town last week.  Anyway, some
colleagues of mine and I will be presenting a paper on this topic at LISA
2003.  We have an experimental patch for glibc which successfully detects
and prevents heap-based buffer overrun exploits using a random XORed canary
technique.  It is fully backwards-compatible with existing software,
requiring only a recompilation of glibc for system-wide coverage, and can
also be used selectively using LD_PRELOAD tricks.  We are also working on
ports to the various *BSD allocators.

We're currently running tests and gathering performance data for our paper,
but if anyone is interested in helping to beta test and/or audit, feel free
to email me offline.  We are very interested in ironing out any kinks;
based on our testing to date, we believe this is a viable approach to
mitigating heap overrun exploits.

-- 
| William Robertson | 0x4218A2A6 | wkr () cs ucsb edu |
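
A minimal sketch of the idea described in the message above: a random per-process value is XORed into a canary stored in each chunk header, and the canary is checked before the header is trusted on free. This is an added example, not the glibc patch the author refers to. The toy bump allocator, the header layout, the canary formula (secret XOR size XOR header address) and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bump allocator (hypothetical): chunks sit back to back in one arena, so
   overrunning one chunk lands on the next chunk's header, as on a real heap. */
typedef struct { size_t size; uintptr_t canary; } hdr_t;
static hdr_t arena[256];
static size_t used;            /* arena units handed out so far */
static uintptr_t heap_secret;  /* random per-process value */

static void heap_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&heap_secret, sizeof heap_secret, 1, f) != 1) abort();
    fclose(f);
    used = 0;
}

/* Canary binds the secret to the header contents and the header address. */
static uintptr_t canary_for(const hdr_t *h) {
    return heap_secret ^ (uintptr_t)h->size ^ (uintptr_t)h;
}

void *guarded_malloc(size_t n) {
    size_t units = 1 + (n + sizeof(hdr_t) - 1) / sizeof(hdr_t);
    if (n > sizeof arena || units > 256 - used) return NULL;
    hdr_t *h = &arena[used];
    used += units;
    h->size = n;
    h->canary = canary_for(h);
    return h + 1;
}

/* Returns 0 if the header is intact, -1 if it changed since guarded_malloc.
   A hardened allocator would abort here rather than act on the header. */
int guarded_free(void *p) {
    hdr_t *h = (hdr_t *)p - 1;
    return h->canary == canary_for(h) ? 0 : -1;
}

/* Constructed scenario: write `extra` bytes past a 16-byte chunk,
   then free the neighbouring chunk whose header was hit. */
int demo(size_t extra) {
    heap_init();
    char *a = guarded_malloc(16), *b = guarded_malloc(16);
    if (!a || !b) return -2;
    memset(a, 'A', 16 + extra);
    return guarded_free(b);
}
int main(void) { printf("in-bounds: %d, overrun: %d\n", demo(0), demo(sizeof(hdr_t))); return 0; }
```

Because the check depends on a value the writer of the overflowing data does not know, overwriting the header with a self-consistent size and canary pair requires guessing the secret.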

