Re: Buffer overflow prevention

From: Jedi/Sector One (
Date: 08/14/03

  • Next message: Brian Glover: "RE: Buffer overflow prevention"
    Date: Thu, 14 Aug 2003 20:47:21 +0200
    To: Mariusz Woloszyn <>

    On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
    > What we're discussing here is protecting internal structures and data.
    > IMHO the ProPolice (,
    > is the best protection of this kind, even compared to the "two stack"
    > approach.

      ProPolice is not magical, though. There are plenty of cases where it is
    totally inefficient. To illustrate a very common one:

    #include <string.h>

    struct Test {
            char str[5];
    };

    int main(void)
    {
            struct Test x;
            return 0;
    }

      ProPolice doesn't see anything wrong and eip happily goes to 0x41414141.
      ProPolice also doesn't give any protection against heap overflows.
      So the best protection is probably ProPolice + non exec stack + write xor
    executable pages. Oh, surprise, this is just how OpenBSD works.

      This is still not a magical protection against everything. A vulnerable
    application can still behave abnormally after an overflow. But this couple
    makes injection + execution of arbitrary code way more tricky.

      The only way to sleep quietly is still to audit the code in the first place.

     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/     Secure FTP Server     \' /
      \/   Misc. free software   \/
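
Added example, not part of the original post: a stack protector's guard value sits between a function's locals and its saved return address, so a copy that overruns one struct member into the next never touches it, and the length check has to live in the code itself. The sketch below assumes a hypothetical `struct Record` with a `handler` member after the buffer and a hypothetical `record_set_str` helper; the input string is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical struct for illustration: a small buffer followed by another member. */
struct Record {
        char str[5];
        void (*handler)(void);
};

/* Bytes from the start of str to the start of handler (array plus padding).
 * Nothing can be placed in between: C keeps struct members in declaration order. */
size_t gap_to_next_member(void)
{
        return offsetof(struct Record, handler) - offsetof(struct Record, str);
}

/* Copy src into r->str only if it fits, NUL terminator included.
 * Returns 0 on success, -1 (leaving *r untouched) if src is too long. */
int record_set_str(struct Record *r, const char *src)
{
        const char *end = memchr(src, '\0', sizeof r->str);

        if (end == NULL)
                return -1;              /* no terminator within the buffer size */
        memcpy(r->str, src, (size_t)(end - src) + 1);
        return 0;
}

static void noop(void) { }

/* Returns 1 if an oversized input is rejected and handler is left intact. */
int oversized_input_is_rejected(void)
{
        struct Record r = { "", noop };

        if (record_set_str(&r, "AAAAAAAAAAAAAAAA") != -1)  /* constructed input */
                return 0;
        return r.handler == noop && r.str[0] == '\0';
}

int main(void)
{
        return oversized_input_is_rejected() ? 0 : 1;
}
```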
