[15956] in bugtraq
Re: StackGuard with ... Re: [Paper] Format bugs.
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Tue Jul 25 16:31:28 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20000725172055.20EF08A@proven.weird.com>
Date: Tue, 25 Jul 2000 13:20:55 -0400
Reply-To: "Greg A. Woods" <woods@weird.com>
From: "Greg A. Woods" <woods@weird.com>
X-To: Gerardo Richarte <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <397C8219.96E9F04C@core-sdi.com>
[ On Monday, July 24, 2000 at 14:51:43 (-0300), Gerardo Richarte wrote: ]
> Subject: Re: StackGuard with ... Re: [Paper] Format bugs.
>
> You don't need the number of arguments nor their types, you
> only need how much space they take from the stack (the same number
> that is subtracted from stack pointer after returning from a call).
Well if all you want to do is make sure you don't read past the end of
the stack frame when accessing your parameters....
You might be able to do that a lot more simply with a sophisticated
enough MMU, which aside from the fact it doesn't use hardware is, in
some respects, what I gather StackGuard does (it does integrity checks
on "canaries" littered through the stack fram after the fact rather than
directly preventing unauthorised access to the stack frame).
> It's true that something must be changed, but I don't think
> it to be too deep, isn't there already a special treatment for
> <stdarg.h>'s functions? All that needs to be added is pushing the
> number of bytes args are taking from stack as first argument, and the
> add some [C] code in <stdarg.h>'s functions. Am I wrong?
>
> In short: you don't need to know anything about types, and I'm
> pretty sure that, if you are not trying to do strange things, it'll
> not break any functionality.
Oh, on the contrary! In a loosely typed language with pointers, like C,
you do need to know the type of each parameter so that you don't fall
victim to other types of attacks.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
