StackGuard: Automatic Protection From Stack-smashing Attacks

From: Crispin Cowan (crispinat_private)
Date: Thu Dec 18 1997 - 21:34:39 PST


    StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks
    
    StackGuard provides a systematic solution to the persistent problem of
    buffer overflow attacks.  Buffer overflow attacks gained notoriety in
    1988 as part of the Morris Worm incident on the Internet.  While it is
    fairly simple to fix individual buffer overflow vulnerabilities, buffer
    overflow attacks continue to this day.  Hundreds of attacks have been
    discovered, and while most of the obvious vulnerabilities have now been
    patched, more sophisticated buffer overflow attacks continue to emerge.
    
    StackGuard is a simple compiler technique that virtually eliminates
    buffer overflow vulnerabilities with only modest performance penalties.
    Privileged programs that are recompiled with the StackGuard compiler
    extension no longer yield control to the attacker, but rather enter
    fail-safe state.  These programs require no source code changes at all,
    and are binary-compatible with existing operating systems and libraries.
    
    StackGuard is intended to protect buggy software against stack smashing
    attacks, even those attacks that have not yet been discovered.  For
    instance, even though StackGuard was developed prior to the public
    announcement of the Samba stack smashing vulnerability, the same vulnerable
    Samba code when compiled with StackGuard protection was not vulnerable
    to the attack.
    
    A paper describing StackGuard will appear in the 1998 USENIX Security
    Conference.  A pre-print of the paper is available (postscript and
    HTML) here:
    
    http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
    
    Source for the StackGuard-enhanced gcc is also here.  This software is
    available under the usual GPL (GNU Public License) rules.  Security people
    are invited to download and evaluate StackGuard.
    
    StackGuard may be of particular interest to system administrators
    seeking to protect their hosts from attack.  The compiler is very stable;
    for instance, a StackGuard-enhanced gcc can compile itself correctly.
    Programs compiled with StackGuard should both compile and link without
    complaint.  However, since this is a first release of StackGuard, I
    still recommend that privileged software be kept up to date with respect
    to security announcements.
    
    I am very interested in feedback on StackGuard.  Naturally, all the usual
    feedback is requested (bugs, security vulnerabilities, comments on the
    design, etc.).  Of *particular* interest are any alarms that StackGuard
    sets off:  if someone attempts to apply a stack-smashing attack to
    a StackGuard-protected program, the program will halt with an error
    message instead of yielding a root shell.  This message *may* indicate
    the discovery of a new stack-smashing vulnerability:  please report it
    to me.  If your version of the program is current, then you may
    also wish to report the problem to the author of the program in question.
    
    I wish to thank the many contributors to the BUGTRAQ mailing list.  The
    background information provided by BUGTRAQ was invaluable to this
    research.  I am aware that there are other stack smashing solutions,
    and they are described and cited in the paper.
    
    Crispin
    -----
    Crispin Cowan, Research Assistant Professor of Computer Science
    Oregon Graduate Institute      | Electronically:
    Department of Computer Science | analog:  503-690-1265
    PO Box 91000                   | digital: crispinat_private
    Portland, OR 97291-1000        | URL:     http://www.cse.ogi.edu/~crispin/
                    Knowledge is to Wisdom as Data is to Code
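The behaviour the announcement describes, a protected program halting instead of yielding control when its stack is smashed, can be modelled in a few lines. The following is an added illustration and not StackGuard's own code: it assumes the frame layout StackGuard's published design uses (a canary word placed between the local buffer and the saved return address, verified before the function returns) and all values in it are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one stack frame, in the layout assumed for this example:
 * a local buffer, then a canary word, then the saved return address.
 * A write that runs past the buffer must cross the canary before it
 * can reach the return address, so a clobbered canary is the signal. */
#define BUF_LEN 16
#define CANARY_OFF BUF_LEN
#define RET_OFF (BUF_LEN + sizeof(uint32_t))
#define FRAME_LEN (RET_OFF + sizeof(uint64_t))

static const uint32_t CANARY = 0x5a3c9e71u;           /* constructed; a real guard uses an unpredictable value */
static const uint64_t SAVED_RET = 0x0000000000401000ull; /* constructed placeholder address */

/* Lay out a fresh frame: zeroed buffer, canary, saved return address. */
static void frame_init(unsigned char *frame) {
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);
}

/* Unchecked copy into the local buffer, like strcpy() into a fixed
 * buffer: copies the whole input, bounded only by the modelled frame
 * so the simulation itself stays deterministic. */
static void unchecked_copy(unsigned char *frame, const char *input) {
    size_t n = strlen(input);
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(frame, input, n);
}

/* The StackGuard-style epilogue check: 1 if the canary is intact
 * (safe to return), 0 if it was overwritten. */
static int canary_intact(const unsigned char *frame) {
    uint32_t seen;
    memcpy(&seen, frame + CANARY_OFF, sizeof seen);
    return seen == CANARY;
}

/* Run one input through the modelled frame. Returns 1 when the function
 * may return normally, 0 when the guard would halt the program instead. */
int guarded_call(const char *input) {
    unsigned char frame[FRAME_LEN];
    frame_init(frame);
    unchecked_copy(frame, input);
    if (!canary_intact(frame)) {
        fprintf(stderr, "stack smashing detected: halting instead of returning\n");
        return 0;
    }
    return 1;
}
```

Input that fits the buffer leaves the canary untouched; input long enough to reach the saved return address necessarily corrupts the canary first, which is what the check catches.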
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:36:58 PDT