[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Buffer overflow prevention
- To: Mariusz Woloszyn <emsi@ipartners.pl>
- Subject: Re: Buffer overflow prevention
- From: Jedi/Sector One <j@pureftpd.org>
- Date: Thu, 14 Aug 2003 20:47:21 +0200
On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
> What we're discussing here is an internal structures and data protecting.
> IMHO the ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/),
> is the best protection in this kind, even comparing to "two stack"
> approach.
ProPolice is not magical, though. There are plenty of cases where it is
totally inefficient. To illustrate a very common one :
#include <string.h>
struct Test {
char str[5];
};
int main(void)
{
struct Test x;
strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
return 0;
}
Propolice doesn't see anything wrong and eip happily goes to 0x41414141.
Propolice also doesn't give any protection against heap overflows.
So the best protection is probably Propolice + non exec stack + write xor
executable pages. Oh, surprise, this is just how OpenBSD works.
This is still not a magical protection against everything. A vulnerable
application can still behave abnormally after an overflow. But this couple
makes injection + execution of arbitrary code way more tricky.
The only way to sleep quietly is still to audit the code at the first place.
--
__ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a> \/