[11658] in bugtraq


Re: Stack Shield: defending from "stack smashing" attacks

daemon@ATHENA.MIT.EDU (Tobias Haustein)
Thu Sep 2 19:45:54 1999

Message-Id:  <19990901094050.H16402@informatik.rwth-aachen.de>
Date:         Wed, 1 Sep 1999 09:40:50 +0200
Reply-To: Tobias Haustein <haustein@INFORMATIK.RWTH-AACHEN.DE>
From: Tobias Haustein <haustein@INFORMATIK.RWTH-AACHEN.DE>
X-To:         Crispin Cowan <crispin@cse.ogi.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <37CC0D31.55882224@cse.ogi.edu>; from Crispin Cowan on Tue,
              Aug 31, 1999 at 05:13:21PM +0000


* Crispin Cowan (crispin@cse.ogi.edu) [990831 19:15]:

> How do you make room for the extra code in prolog & epilog without re-linking
> the entire program?

The translator needs to generate new code that has adapted jump
addresses to the new code locations. This is not hard as long as you
detect the whole program code and there are no jump tables. In fact,
there are such tables in most programs, therefore you need a runtime
environment which translates the jump addresses on the fly. This can
be done efficiently using a perfect hash table. The problem with this
approach is that such dynamic jumps are even more costly. Then, there
are some other problems, because some programs mix code and data in
one segment, so the program needs to access the original text segment
in addition to the newly created one. After all, it is not easy, but
possible. The people who designed Etch even got Microsoft Word
running after translation. That seems to be a good proof of concept to
me, since Word is a really big application.

> That it's a lot of work to do binary translation is what motivated us to
> implement StackGuard in the compiler :-)

Yeah, of course. Compiler is easy ;-)

> A StackGuard-like tool that worked on binaries would in fact be a major
> advantage, especially if it could work on stripped binaries (the kind you get
> from closed-source vendors).  It would also be a LOT of work.

That's the problem. I'm not sure whether I'll continue on this project,
since it is possibly too large for one person. If I get my hands on
some binary translator, I'll try to do it, anyway.

Ciao,

Tobias

BTW: Why hasn't my last post shown up in Bugtraq, yet? Am I making
some mistake?

-- 
Dipl. Inform. Tobias Haustein

Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail haustein@informatik.rwth-aachen.de
Web http://www-i4.informatik.rwth-aachen.de/~haustein/
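The translation scheme sketched in the reply above, as an added example in C that is not code from this mail, from Stack Shield, StackGuard or Etch: a toy binary is copied with a prolog inserted at every function entry and an epilog before every return, direct call/jump targets are patched statically, and targets read from a data-segment jump table (which still hold old addresses) are translated at run time through a lookup. The instruction set, the sample program and the plain array standing in for the perfect hash table are all constructed for the example.

```c
/* Toy one-word-per-instruction ISA standing in for a real binary (constructed example). */
enum op { NOP, CALL, RET, JMP, IJMP, PROLOG, EPILOG, HALT };
typedef struct { enum op op; int arg; } insn;
#define MAXCODE 32
static int old2new[MAXCODE];  /* old address -> new address; stands in for the perfect hash table */
/* Sample program: 0: CALL f  1: IJMP via jump_table[0]  2: HALT  3: f: NOP  4: RET.
 * The jump table lives in the data segment, holds OLD addresses, and is never rewritten. */
static const insn orig[] = { {CALL, 3}, {IJMP, 0}, {HALT, 0}, {NOP, 0}, {RET, 0} };
#define NORIG 5
static const int jump_table[] = { 2 };
static const int entries[] = { 0, 3 };  /* function entries detected by the translator */

/* Pass 1: copy code, inserting PROLOG at each entry and EPILOG before each RET, recording
 * where every old address landed. Pass 2: rewrite direct CALL/JMP targets through that map. */
int translate(const insn *in, int n, insn *out) {
    int k = 0;
    for (int i = 0; i < n; i++) {
        old2new[i] = k;                        /* jumps to i must land on the inserted check */
        if (i == entries[0] || i == entries[1]) out[k++] = (insn){PROLOG, 0};
        if (in[i].op == RET)                    out[k++] = (insn){EPILOG, 0};
        out[k++] = in[i];
    }
    for (int j = 0; j < k; j++)
        if (out[j].op == CALL || out[j].op == JMP) out[j].arg = old2new[out[j].arg];
    return k;
}

/* Execute a program; returns how many PROLOG/EPILOG checks ran, or -1 if control is lost.
 * Indirect jumps carry old addresses, so translated code must map them on the fly. */
int run(const insn *code, int n, int use_map) {
    int pc = 0, checks = 0, stack[8], sp = 0;
    for (int steps = 0; steps < 100 && pc >= 0 && pc < n; steps++) {
        insn c = code[pc++];
        switch (c.op) {
        case CALL: stack[sp++] = pc; pc = c.arg; break;
        case RET:  pc = stack[--sp]; break;
        case JMP:  pc = c.arg; break;
        case IJMP: pc = use_map ? old2new[jump_table[c.arg]] : jump_table[c.arg]; break;
        case PROLOG: case EPILOG: checks++; break;
        case HALT: return checks;
        default: break;
        }
    }
    return -1;
}

/* 0 = original program, 1 = translated with runtime map, 2 = translated but map disabled. */
int demo(int mode) {
    static insn out[MAXCODE]; int n = translate(orig, NORIG, out);
    return mode == 0 ? run(orig, NORIG, 0) : run(out, n, mode == 1);
}
```

Mode 2 shows why the runtime environment is needed: without the lookup, the stale jump-table entry lands in the wrong place in the rewritten code and the program never reaches HALT.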
