StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks

StackGuard provides a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.

StackGuard is a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries.

StackGuard is intended to protect buggy software against stack smashing attacks, even those attacks that have not yet been discovered. For instance, even though StackGuard was developed prior to the public announcement of the Samba stack smashing vulnerability, the same vulnerable Samba code when compiled with StackGuard protection was not vulnerable to the attack.

A paper describing StackGuard will appear in the 1998 USENIX Security Conference. A pre-print of the paper is available (postscript and HTML) here:

http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

Source for the StackGuard-enhanced gcc is also here. This software is available under the usual GPL (GNU Public License) rules.

Security people are invited to download and evaluate StackGuard. StackGuard may be of particular interest to system administrators seeking to protect their hosts from attack. The compiler is very stable; for instance, a StackGuard-enhanced gcc can compile itself correctly.

Programs compiled with StackGuard should both compile and link without complaint. However, since this is a first release of StackGuard, I still recommend that privileged software be kept up to date with respect to security announcements.

I am very interested in feedback on StackGuard. Naturally, all the usual feedback is requested (bugs, security vulnerabilities, comments on the design, etc.). Of *particular* interest are any alarms that StackGuard sets off: if someone attempts to apply a stack-smashing attack to a StackGuard-protected program, the program will halt with an error message instead of yielding a root shell. This message *may* indicate the discovery of a new stack-smashing vulnerability: please report it both to me. If your version of the program is current, then you may also wish to report the problem to the author of the program in question.

I wish to thank the many contributors to the BUGTRAQ mailing list. The background information provided by BUGTRAQ was invaluable to this research. I am aware that there are other stack smashing solutions, and they are described and cited in the paper.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science
 Oregon Graduate Institute       | Electronically:
 Department of Computer Science  | analog: 503-690-1265
 PO Box 91000                    | digital: crispinat_private
 Portland, OR 97291-1000         | URL: http://www.cse.ogi.edu/~crispin/
      Knowledge is to Wisdom as Data is to Code
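An added example, not code from the original post or from StackGuard itself: a small C model of the check that lets a protected program halt in a fail-safe state rather than yield control. It assumes the canary-word design described in the StackGuard paper; the frame layout, the names (`struct frame`, `simulate_call`) and all values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
enum outcome { RETURNED_NORMALLY, RETURN_HIJACKED, HALTED_FAIL_SAFE };

/* Simulated activation record: local buffer, then canary, then return address. */
struct frame {
    unsigned char buf[BUF_LEN];
    uintptr_t canary;
    uintptr_t ret_addr;
};

/* Model one call of a function that copies input into buf without a bounds
 * check. The copy is clamped to the simulated frame so the model itself stays
 * well-defined; a real overflow would not be. */
enum outcome simulate_call(const unsigned char *input, size_t len,
                           int guarded, uintptr_t canary)
{
    const uintptr_t saved_ret = 0x1000;   /* constructed return address */
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = canary;                    /* prologue: place the canary word */
    f.ret_addr = saved_ret;

    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);               /* the bug: copy ignores BUF_LEN */

    /* Epilogue: verify the canary before the return address is used. */
    if (guarded && f.canary != canary)
        return HALTED_FAIL_SAFE;
    return f.ret_addr == saved_ret ? RETURNED_NORMALLY : RETURN_HIJACKED;
}

int main(void)
{
    unsigned char small[8], big[sizeof(struct frame)];
    memset(small, 'A', sizeof small);     /* constructed inputs */
    memset(big, 'A', sizeof big);
    printf("fits, guarded:       %d\n", simulate_call(small, sizeof small, 1, 0xC0FFEEu));
    printf("overflow, unguarded: %d\n", simulate_call(big, sizeof big, 0, 0xC0FFEEu));
    printf("overflow, guarded:   %d\n", simulate_call(big, sizeof big, 1, 0xC0FFEEu));
    return 0;
}
```

Because the overrun must cross the canary to reach the return address, the guarded epilogue sees the damage before the corrupted address is ever used.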