Re: Buffer overflow prevention

From: Jedi/Sector One (j_at_pureftpd.org)
Date: 08/14/03

    Date: Thu, 14 Aug 2003 20:47:21 +0200
    To: Mariusz Woloszyn <emsi@ipartners.pl>
    
    

    On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
    > What we're discussing here is protecting internal structures and data.
    > IMHO ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/)
    > is the best protection of this kind, even compared to the "two stack"
    > approach.

      ProPolice is not magical, though. There are plenty of cases where it is
    totally inefficient. To illustrate a very common one:

    #include <string.h>

    struct Test {
            char str[5];
    };

    int main(void)
    {
            struct Test x;
            strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
            
            return 0;
    }

      ProPolice doesn't see anything wrong and eip happily goes to 0x41414141.
      
      ProPolice also doesn't give any protection against heap overflows.
      
      So the best protection is probably ProPolice + non exec stack + write xor
    executable pages. Oh, surprise, this is just how OpenBSD works.

      This is still not a magical protection against everything. A vulnerable
    application can still behave abnormally after an overflow. But this couple
    makes injection + execution of arbitrary code way more tricky.

      The only way to sleep quietly is still to audit the code in the first place.
      

    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/     Secure FTP Server     \' /
      \/   Misc. free software   \/
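
The bounded counterpart of the strcpy() call in the message above, as an added example that is not part of the original post. test_set_str() and the copy_status codes are hypothetical names; the function refuses input that does not fit in str[5] instead of relying on a compiler-inserted guard.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the struct in the message above. */
struct Test {
        char str[5];
};

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/*
 * Copy src into t->str only if it fits, terminating NUL included.
 * Oversized input is rejected rather than truncated, and t->str is
 * left untouched on any error.
 */
static enum copy_status test_set_str(struct Test *t, const char *src)
{
        size_t len;

        if (t == NULL || src == NULL)
                return COPY_BAD_ARG;

        /* Scan at most sizeof t->str bytes, so the check itself never
         * depends on how long the source really is. */
        for (len = 0; len < sizeof t->str; len++)
                if (src[len] == '\0')
                        break;
        if (len == sizeof t->str)
                return COPY_TOO_LONG;

        memcpy(t->str, src, len + 1);   /* len + 1 <= sizeof t->str */
        return COPY_OK;
}

int main(void)
{
        struct Test x = { "" };

        /* Constructed inputs: one that fits, and the string from the post. */
        printf("fits:     %d\n", test_set_str(&x, "abcd"));
        printf("too long: %d\n", test_set_str(&x,
            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
        printf("x.str is still \"%s\"\n", x.str);
        return 0;
}
```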
    
