Re: http://www.smashguard.org

From: Seth Arnold (sarnold_at_wirex.com)
Date: 02/05/04

Next message: Martin Schulze: "[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities"

Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-04:02.shmat"
In reply to: Leon Harris: "Re: http://www.smashguard.org"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 5 Feb 2004 10:06:03 -0800
To: bugtraq@securityfocus.com

On Wed, Feb 04, 2004 at 01:26:29PM +0800, Leon Harris wrote:
> Certain apps (notably java virtual machines) manipulate stack return
> addresses. I understood that one of the advantages of Immunix's product
> StackGuard was that you could still run these types of apps by
> statically linking them against a normal libc (and chrooting them or
> otherwise confining them). If the protection is mandatory, and in
> hardware, then surely these types of app wont work.

Leon, the limitations with StackGuard and Java Just in Time compilers
and virtual machines have been removed with newer versions of
StackGuard. StackGuard 2, based on egcs (gcc 2.91.66), had an unfortunate
location in the stack layout for the canary which caused problems for
applications that 'knew' the stack layout well enough to introspect
the stack.

Newer versions of StackGuard have since remedied the location of the
canary (to be more secure, while we're at it) such that applications that
are stack-introspective no longer need to be patched to know a 'new'
stack layout. StackGuard 3 uses a better location that is transparent
to gdb, mozilla, JITs, etc.

Of course, I don't want to say what forms of applications may or may not
run on a SmashGuard system; however, the JVMs and JITs may or may not
function on SmashGuard on their own merits -- it was a limitation of
earlier StackGuard releases that caused problems for JVMs, JITs, gdb,
mozilla, etc.

Further information on StackGuard 3 may be found at:
http://immunix.org/stackguard.html

More information will be posted to this page as StackGuard continues
development, and we will periodically announce new developments to the
low traffic immunix-announce mail list:
http://mail.immunix.com/mailman/listinfo/immunix-announce

Thanks Leon

-- 
Immunix Secured Linux Distribution: http://immunix.org/

application/pgp-signature attachment: stored

Next message: Martin Schulze: "[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities"

Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-04:02.shmat"
In reply to: Leon Harris: "Re: http://www.smashguard.org"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: avoiding stackguard
... Vallez appears to be using "stackguard" generically to refer to stack ... >All we have listened about stack protections. ... In this code im using pieces of code of ntdll for doing my ...
(Bugtraq)
Re: Base system with gcc stack-smashing protector
... > against stack smashing attack. ... > powerpc. ... StackGuard and StackShield." ...
(FreeBSD-Security)
Re: http://www.smashguard.org
... Certain apps manipulate stack return ... StackGuard was that you could still run these types of apps by ... >kernel patch that supports CPUs modified to support SmashGuard protection. ... > In addition to details of SmashGuard, the site serves as a comprehensive ...
(Bugtraq)