[31182] in bugtraq
Re: Buffer overflow prevention
daemon@ATHENA.MIT.EDU (Jedi/Sector One)
Thu Aug 14 16:39:24 2003
Date: Thu, 14 Aug 2003 20:47:21 +0200
From: Jedi/Sector One <j@pureftpd.org>
To: Mariusz Woloszyn <emsi@ipartners.pl>
Message-ID: <20030814184743.GA3715@c9x.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.50.0308141926230.2830-100000@dzyngiel.ipartners.pl>
On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
> What we're discussing here is an internal structures and data protecting.
> IMHO the ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/),
> is the best protection in this kind, even comparing to "two stack"
> approach.
ProPolice is not magical, though. There are plenty of cases where it is
totally inefficient. To illustrate a very common one :
#include <string.h>
struct Test {
char str[5];
};
int main(void)
{
struct Test x;
strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
return 0;
}
Propolice doesn't see anything wrong and eip happily goes to 0x41414141.
Propolice also doesn't give any protection against heap overflows.
So the best protection is probably Propolice + non exec stack + write xor
executable pages. Oh, surprise, this is just how OpenBSD works.
This is still not a magical protection against everything. A vulnerable
application can still behave abnormally after an overflow. But this couple
makes injection + execution of arbitrary code way more tricky.
The only way to sleep quietly is still to audit the code at the first place.
--
__ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
