[11939] in bugtraq


Re: fixing all buffer overflows --- random magin numbers

daemon@ATHENA.MIT.EDU (Oliver Xymoron)
Fri Sep 17 15:45:50 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.9909171057340.971-100000@waste.org>
Date:         Fri, 17 Sep 1999 11:06:38 -0500
Reply-To: Oliver Xymoron <oxymoron@WASTE.ORG>
From: Oliver Xymoron <oxymoron@WASTE.ORG>
X-To:         Crispin Cowan <crispin@CSE.OGI.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <37DD927B.9003E6C6@cse.ogi.edu>

On Tue, 14 Sep 1999, Crispin Cowan wrote:

> (post sent as HTML and ASCII because there's a table that's easier to read
> in HTML.  Aleph, go ahead and nuke the HTML if you prefer)

Urg. Pine happily munged it on reply:

> The result looks like this:
>
>             Interface                            Implementation
>
>  Restriction   * Firewalls                          * Bounds checking
>                * TCP Wrappers                       * StackGuard
>                * Randomly renaming system files
>                * Randomly renumbering system
>  Permutation     calls (the hack proposed here      * Randomly munging
>                  by Maniscalco)                       data layout
>                * Fred Cohen's Deception Toolkit

You missed a couple interesting ones. One is randomly offsetting the
stack. Another is having separate stacks for the call chain and local
variables. Obviously wastes a register (or an indirection), but can
probably be proved secure against stack smashing.

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
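
The second idea in the reply above (separate stacks for the call chain and for local variables), as an added example that is not part of the original post: a C simulation in which the same unchecked copy into an 8-byte local buffer changes the saved return address on a unified stack but cannot reach it on a split one. The function names, sizes and sample input are assumptions made for illustration, and the "stacks" are plain arrays, not the real machine stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOCALS 8    /* size of the simulated callee's local buffer */
#define STACK  64   /* size of each simulated stack, in bytes */

/* Unified layout: the saved return address sits directly above the local
 * buffer on the same stack. The copy is not checked against LOCALS (the
 * bug being modelled), only against STACK so the simulation stays in
 * bounds. Returns the return address the callee would actually use. */
uint32_t call_unified(const uint8_t *in, size_t n, uint32_t ret)
{
    uint8_t stack[STACK] = {0};
    uint32_t out;

    memcpy(stack + LOCALS, &ret, sizeof ret);  /* push return address */
    if (n > STACK) n = STACK;
    memcpy(stack, in, n);                      /* unchecked write to locals */
    memcpy(&out, stack + LOCALS, sizeof out);  /* pop return address */
    return out;
}

/* Split layout: locals live on a data stack, return addresses on a
 * separate call-chain stack that buffer writes never index. The overflow
 * still damages neighbouring data, but not the control-flow state. */
uint32_t call_split(const uint8_t *in, size_t n, uint32_t ret)
{
    uint8_t data[STACK] = {0};
    uint32_t calls[STACK / sizeof(uint32_t)] = {0};

    calls[0] = ret;                            /* push on call-chain stack */
    if (n > STACK) n = STACK;
    memcpy(data, in, n);                       /* same unchecked write */
    return calls[0];                           /* pop from call-chain stack */
}

int main(void)
{
    uint8_t input[16];                         /* constructed sample input */
    memset(input, 0x41, sizeof input);         /* 16 bytes into an 8-byte buffer */

    printf("unified: 0x%08x\n", (unsigned)call_unified(input, sizeof input, 0x1000));
    printf("split:   0x%08x\n", (unsigned)call_split(input, sizeof input, 0x1000));
    return 0;
}
```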
