Neat idea. But, couldn't someone just take a common binary (say ls) that exists on the target system and reverse engineer it and begin to make a mapping of numbers to syscalls. Nick Maniscalco At 09:37 PM 9/11/99 -0400, Dr. Joel M. Hoffman wrote: >I was thinking --- it wouldn't be too hard to make buffer overflow >attacks impossible. The basic idea is to do away with binary >compatibility. > >In particular, I was thinking that part of building a kernel would >involve assigning a random number to each syscall, and creating a >syscall.h file with these random numbers. A binary would only run if >it was compiled with the proper syscall.h, so all binaries would have >to be recompiled for the new kernel, but then, syscall.h could be >removed, and the system would be impervious to buffer overflow >attacks. (One step further would involve random magic numbers in >every function call.) > >I would be happy to give up binary compatilibyt for the added security >it would add. > >Comments? > >-Joel Hoffman >(joelat_private) >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:14 PDT