Reply From: Aleph One <aleph1at_private>

Ack. I hate it when people announce they have solved "all buffer overflows". To those that are wondering what the product really does, it simply randomizes the stack address. This has been discussed before in BugTraq. Nothing new, nor does it solve all buffer overflows.

Here is a section of the BugTraq FAQ (not yet released):

- Randomize the stack address. As part of a standard stack overflow the attacker must guess the address of the code to execute. The code is normally placed on the stack by the attacker via the same buffer he is overflowing to overwrite the return address. By randomizing the stack address during each execve the attacker no longer has a good idea of where his code will be placed.

  Pros: Only requires kernel support. Does not require recompiling.

  Cons: Does not address stack buffer overflow exploits that execute code not on the stack. Does not address data buffer overflow exploits.

  < http://www.greenend.org.uk/rjk/random-stack.text >

In other words, it only stops your garden variety buffer overflow exploit. Any exploit that, for example, sets up a function's args on the stack and then jumps to the existing code it wants to execute (like using the procedure linkage tables in ELF executables) will easily get around their "solution".
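The FAQ excerpt above says the mitigation randomizes the stack address on each execve. The following is an added example (not from the post or the product it discusses) that checks whether a Linux kernel actually does this: it spawns a fresh process several times, reads the `[stack]` mapping from `/proc/self/maps` in each child, and reports whether the base address moved. It assumes Linux and a `python3` interpreter on the path; the sample maps line in the comment is constructed.

```python
"""Observe whether each execve places the stack at a different address.

Added example, not part of the original post. Linux-only: it relies on
/proc/self/maps. The parsing and classification helpers are pure
functions so they can be checked on constructed input.
"""
import re
import subprocess
import sys

# Matches a /proc/<pid>/maps line such as (constructed sample):
# "7ffd1c2e9000-7ffd1c30a000 rw-p 00000000 00:00 0   [stack]"
_STACK_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s.*\[stack\]\s*$", re.MULTILINE)


def parse_stack_base(maps_text: str) -> int:
    """Return the start address of the [stack] mapping in a maps dump."""
    m = _STACK_LINE.search(maps_text)
    if m is None:
        raise ValueError("no [stack] mapping found")
    return int(m.group(1), 16)


def classify(bases) -> str:
    """Summarise observed stack bases: fixed, randomized, or no data."""
    distinct = len(set(bases))
    if distinct == 0:
        return "no-data"
    if distinct == 1:
        return "fixed"        # every execve landed the stack at the same address
    return "randomized"       # the base moved between runs


def observe_stack_bases(trials: int = 8) -> list:
    """Exec a fresh interpreter `trials` times and record each stack base."""
    child = [sys.executable, "-c", "print(open('/proc/self/maps').read())"]
    bases = []
    for _ in range(trials):
        out = subprocess.run(child, capture_output=True, text=True, check=True).stdout
        bases.append(parse_stack_base(out))
    return bases


if __name__ == "__main__":
    seen = observe_stack_bases()
    print(classify(seen), [hex(b) for b in seen])
```

A result of "fixed" means the kernel is not randomizing the stack base, which is the condition the FAQ's "standard stack overflow" relies on; "randomized" only removes that one assumption and says nothing about exploits that reuse existing code.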
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:09 PDT