[33438] in bugtraq
Re: http://www.smashguard.org
daemon@ATHENA.MIT.EDU (Leon Harris)
Thu Feb 5 04:22:48 2004
Message-ID: <40208285.5040707@quoll.com>
Date: Wed, 04 Feb 2004 13:26:29 +0800
From: Leon Harris <leon@quoll.com>
MIME-Version: 1.0
To: Hilmi Ozdoganoglu <cyprian@purdue.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <Pine.SOL.4.51.0401301832480.25081@herald.cc.purdue.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Interesting paper.
Certain apps (notably java virtual machines) manipulate stack return
addresses. I understood that one of the advantages of Immunix's product
StackGuard was that you could still run these types of apps by
statically linking them against a normal libc (and chrooting them or
otherwise confining them). If the protection is mandatory, and in
hardware, then surely these types of app wont work.
Cheers,
Leon
Hilmi Ozdoganoglu wrote:
> SmashGuard is a hardware-based solution developed at Purdue
>University to prevent Buffer-Overflow Attacks realized by overwriting the
>Function Return Address (patent-pending). The design of SmashGuard is a
>kernel patch that supports CPUs modified to support SmashGuard protection.
>
> For details please refer to the TechReports at:
>
> http://www.smashguard.org
>
> In addition to details of SmashGuard, the site serves as a comprehensive
>resource for buffer overflow attacks/prevention/detection. On "the buffer
>overflow page" we provide links to research papers, known exploits, safer
>C languages, patents, audit tools and more. If you can think of a site or
>resource that should be added please send email to our webmaster
>(cyprian@purdue.edu)
>
>-SmashGuard Group
>
