Vulnerability Development mailing list archives
Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)
From: William Robertson <wkr () cs ucsb edu>
Date: Tue, 20 May 2003 00:09:10 -0700
On 16 May 2003, xenophi1e [oliver.lavery () sympatico ca] wrote: | There are probably better schemes, but this has the nice property of | being something you could retrofit without breaking the world. Well, at | least something you could kinda retrofit if it weren't for some nasty | implementation details. Are there any products like StackGuard that do | something like this? | | Cheers, | ~x My apologies for jumping into this thread so late, but I'm still catching up on my list mail after being out of town last week. Anyway, some colleagues of mine and I will be presenting a paper on this topic at LISA 2003. We have an experimental patch for glibc which successfully detects and prevents heap-based buffer overrun exploits using a random XORed canary technique. It is fully backwards-compatible with existing software, requiring only a recompilation of glibc for system-wide coverage, and can also be used selectively using LD_PRELOAD tricks. We are also working on ports to the various *BSD allocators. We're currently running tests and gathering performance data for our paper, but if anyone is interested in helping to beta test and/or audit, feel free to email me offline. We are very interested in ironing out any kinks; based on our testing to date, we believe this is a viable approach to mitigating heap overrun exploits. -- | William Robertson | 0x4218A2A6 | wkr () cs ucsb edu |
Current thread:
- Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion) xenophi1e (May 16)
- Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion) William Robertson (May 20)