Re: Easily and Permanently prevent all stack buffer overflows
- From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxx>
- Date: Wed, 14 Nov 2007 20:46:00 GMT
Wayne wrote:
> xi4oyu wrote:
>> On 11 14, 12 31, Wayne <nos...@xxxxxxxxxxxxxx> wrote:
>>> I've often wondered why Linux (or any OS) puts up with
>>> stack buffer overflows. They only happen because
>>> the stack grows in one direction and buffers grow
>>> in the other:
>>>
>>> +----------------------------------------------------+
>>> | unused stack space | buf | ... | return_addr | ... |
>>> +----------------------------------------------------+
>>> Lower memory address ----> Higher memory address
>>>
>>> where buf is some local char array. A buffer
>>> overflow (in the case, there are heap attacks too)
>>> is only possible if a user over-writes the return
>>> address or some other part of the "lower" stack
>>> contents.
>>>
>>> So why doesn't any OS define the stack growth in the
>>> other direction:
>>>
>>> +----------------------------------------------------+
>>> | ... | return_addr | ... | buf | unused stack space |
>>> +----------------------------------------------------+
>>> Lower memory address ----> Higher memory address
>>>
>>> The worst that can happen if a user overflows "buf"
>>> is to over-write other local variables in the current
>>> stack frame (not shown in the ASCII art), or write
>>> to unused stack space.
>>>
>>> I do realize both the OS and all apps would need to be
>>> re-compiled to run on the new system, but that sort of
>>> flash-cutover happened before. (IIRC early SunOS was
>>> little-endian in one version and big-endian in the next.
>>> Or maybe it's the other way around.)
>>>
>>> But I've never seen this idea mentioned in ANY discussion
>>> of buffer overflows. I can't be the first to think of
>>> this simple idea; it seems obvious. So why isn't
>>> this done? What am I (clearly a non-expert) missing?
>>> Does anyone have any ideas?
>>>
>>> -Wayne
>>
>> Stack and heap are organized in this way cos we wanna save space for
>> the process.
>
> Thanks for the reply. But I don't understand how the direction
> of stack growth affects the amount of memory consumed by a
> process (actually a thread). The stack is fixed in size
> at process creation time, and unlike the heap, doesn't grow
> over time. "Stack growth" is really just "stack use", right?
> So how does the direction affect total memory usage?
>
> -Wayne
Please get a book on Linux memory management, and read it.
My suggestion is 'Understanding the Linux Kernel'. You can
Google for it.

The demand-paged virtual memory system of Linux will detect
an overflow of a memory section. It also uses only the active
pages of the memory sections in real memory.

Most of the overflow attacks are using buffers allocated
*in the stack*, so the memory management cannot detect an
overflow. This is simply sloppy programming.
--
Tauno Voipio
tauno voipio (at) iki fi