[24323] in bugtraq
RE: In response to alleged vulnerabilities in Microsoft Visual C++ security checks feature
daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue Feb 19 17:17:06 2002
From: "David LeBlanc" <dleblanc@mindspring.com>
To: "'Crispin Cowan'" <crispin@wirex.com>,
"'Brandon Bray'" <branbray@microsoft.com>
Cc: <bugtraq@securityfocus.com>
Date: Fri, 15 Feb 2002 09:06:01 -0800
Message-ID: <031101c1b643$0ca5efb0$0800a8c0@davenet.local>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <3C6C738F.50800@wirex.com>
> From: Crispin Cowan [mailto:crispin@wirex.com]
> Funnily enough, this book (published in November 2001)
> actually refers to the stack ornaments that provide for overflow
> detection as
> "canaries," a term coined in the StackGuard 1998 paper. See
> the book's index and search for "canary"
> http://www.microsoft.com/mspress/books/index/5612.asp#Index
I can tell you why this occurred, as I'm the one who wrote that phrase.
I have followed Stackguard on this mailing list for quite some time
(dating back to well before I joined Microsoft), and I believe I had a
brief conversation with you about it at USENIX. In fact, if you search
on "Cowan" or "Stackguard", you will also find a hit (in the same
paragraph, actually). It seemed to me to be an appropriate phrase to
describe the functionality.
The exact quote is:
"Tools exist to make static buffer overruns more difficult to exploit.
StackGuard, developed by Crispin Cowan and others, uses a test value -
known as a canary after the miner's practice of taking a canary into a
coal mine - to make a static buffer overrun much less trivial to
exploit. Visual C++ .NET incorporates a similar approach."
So the reason I used that exact term is because I was explicitly
mentioning your application and work. Although a fair bit of the content
of the book is Windows-centric, I tried to make the sections I wrote
which applied to all platforms as generic as possible. I felt it would
be a serious omission to write a chapter on buffer overruns and not
mention your work.
However, I do not work on the compiler team, and the /GS option was
implemented before I became aware of it. I have no idea what processes
went into that.
> If it was independent invention, there are a lot of
> surprising coincidences.
The mention of your name in "Writing Secure Code" is not at all related
to the implementation of the /GS option. I don't think you should find
it surprising to be mentioned in a chapter about buffer overruns. As a
former academic, I try and cite relevant work when writing about any
given area.
David LeBlanc
dleblanc@mindspring.com
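The "test value known as a canary" that the quoted book passage describes, as an added illustration that is not code from the message, the book, StackGuard or the Visual C++ compiler: a hypothetical frame layout places a canary between a local buffer and the saved control data, and the check runs before that data is trusted. The struct name, the constant canary value and the function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a canary-protected frame: a contiguous overrun of
   buf must pass through canary before it can reach saved_return. Real
   compilers choose the layout themselves; this struct only illustrates it. */
struct guarded_frame {
    char buf[16];
    uint32_t canary;
    uintptr_t saved_return; /* stands in for the saved return address */
};

/* Constructed fixed value for the demo. Deployed implementations use a
   per-process random value so the test value cannot simply be written back. */
static const uint32_t CANARY_VALUE = 0xBAADF00Du;

/* Copies len bytes of data into the frame starting at buf, modelling an
   unbounded copy into a fixed-size local buffer. The copy is clamped to the
   frame size so the demo itself stays within defined behaviour.
   Returns 1 if the canary is intact afterwards, 0 if it was clobbered. */
int copy_and_check(const char *data, size_t len) {
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_return = 0x1234;

    if (len > sizeof f)
        len = sizeof f;
    /* Writing through the frame's base pointer reaches canary and
       saved_return once len exceeds sizeof f.buf. */
    memcpy(&f, data, len);

    /* The check a protected function performs on exit: if the test value no
       longer matches, the saved control data cannot be trusted. */
    return f.canary == CANARY_VALUE;
}

/* Returns 1 when the copy modelled above would have reached saved_return,
   showing that any such overrun is also caught by the canary check. */
int overrun_reaches_return(size_t len) {
    return len > offsetof(struct guarded_frame, saved_return);
}
```

Any write long enough to reach `saved_return` necessarily passes through `canary`, which is why the check detects the overrun before the corrupted address is used.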