[31215] in bugtraq
Re: Buffer overflow prevention
daemon@ATHENA.MIT.EDU (Gerhard Strangar)
Fri Aug 15 13:47:37 2003
Message-Id: <200308142228.h7EMSRam016541@postman.arcor.de>
Date: Fri, 15 Aug 2003 00:19:34 +0200
From: Gerhard Strangar <gerhard@brue.net>
To: Theo de Raadt <deraadt@cvs.openbsd.org>
Theo de Raadt wrote:
> But then a problem shows up. When you use shared libraries, you end
> up with code followed by data followed by code followed by data etc.
> Since you only have one line you can draw in the address space,
> clearly you can't make this work!
Do you know the DOS EXE format? The file contains code using offsets in
different segments. The loader may move any segment to any location in
the available memory. To make this possible, the EXE file contains a
relocation table of offsets in the code segment(s) that have to be
modified after loading the segments into memory.
This could be done to shared libraries, too.
> In OpenBSD, we've done steps up to 4.
Okay, this means you have already implemented what I meant.
--
* Origin: (2:2480/8057.2)
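The load-time fixup described in the reply above, as an added example that is not part of the original message: a minimal DOS MZ relocation pass in C that bounds-checks every table entry before patching. The header offsets are the standard MZ layout; the names `mz_relocate` and `build_sample`, the 80-byte sample file and the load segment used with it are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* MZ header fields are little-endian 16-bit words. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Add the segment the image was loaded at to every word named by the
 * relocation table. Pass 0 validates all entries, pass 1 applies them, so a
 * malformed table never leaves a half-patched image.
 * Returns the number of fixups applied, or -1 if the file is malformed. */
int mz_relocate(uint8_t *file, size_t len, uint16_t load_seg)
{
    if (len < 0x1C || file[0] != 'M' || file[1] != 'Z') return -1;
    size_t nreloc = rd16(file + 0x06);              /* relocation entry count   */
    size_t hdr    = (size_t)rd16(file + 0x08) * 16; /* header size (paragraphs) */
    size_t tab    = rd16(file + 0x18);              /* table offset in the file */
    if (hdr > len || tab > hdr || nreloc * 4 > hdr - tab) return -1;
    uint8_t *image = file + hdr;                    /* load image follows header */
    size_t image_len = len - hdr;
    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < nreloc; i++) {
            const uint8_t *e = file + tab + i * 4;  /* entry: offset, segment */
            size_t target = (size_t)rd16(e + 2) * 16 + rd16(e);
            if (image_len < 2 || target > image_len - 2) return -1;
            if (pass == 1)
                wr16(image + target, (uint16_t)(rd16(image + target) + load_seg));
        }
    }
    return (int)nreloc;
}

/* Constructed sample: 48-byte header, two fixups, 32-byte load image.
 * `f` must hold at least 80 bytes; returns the file length. */
size_t build_sample(uint8_t *f)
{
    memset(f, 0, 80);
    f[0] = 'M'; f[1] = 'Z';
    wr16(f + 0x06, 2);                            /* two relocation entries  */
    wr16(f + 0x08, 3);                            /* header = 3 paragraphs   */
    wr16(f + 0x18, 0x1C);                         /* table right after header fields */
    wr16(f + 0x1C, 0x0003); wr16(f + 0x1E, 0x0000); /* fixup at 0000:0003    */
    wr16(f + 0x20, 0x0002); wr16(f + 0x22, 0x0001); /* fixup at 0001:0002    */
    f[48] = 0x9A;                                 /* CALL FAR 0001:0000      */
    wr16(f + 48 + 3, 0x0001);                     /* its segment operand     */
    wr16(f + 48 + 18, 0x0001);                    /* a stored segment in data */
    return 80;
}
```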