vendicatorat_private wrote:

> I don't know if this technique is already known, but since I
> added a protection for it in Stack Shield I decided to post
> it.

The attack form is well known. There was an exploit against SuperProbe in 1997 that used this technique.

> The new Stack Shield 0.6 beta has a new protection mechanism
> that checks on non-constant calls if the call is in the TEXT
> segment. This could cause problems for programs that execute
> code from the DATA or STACK segment, however this stops this
> kind of attack.

This is the part I wanted details on. The above paragraph is not sufficient for me to figure out what your defense against function pointer smashing is. My guess is that you're blocking indirect function calls that point to the data or stack segment. The stack segment block has an identical effect to Solar Designer's non-executable stack patch for the kernel. The data segment block is likely to cause failures for programs that emit dynamic code. Sure, emitting dynamic code is gross, but if you *are* going to do it, then function pointers are a natural way to call your dynamic code.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
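The check discussed in the exchange above, as an added illustration that is not Stack Shield's code and not part of the original thread: a guard that only lets a non-constant (indirect) call through when its target lies inside the TEXT segment, and therefore rejects a pointer aimed at the heap, the data segment or the stack. It assumes Linux with GNU ld and glibc, which provide the linker symbols `__executable_start` and `etext` as the bounds of the executable's code; the names `in_text_segment`, `guarded_call`, `handler_t`, `double_it` and `demo` are my own.

```c
/* Added example: a Stack Shield style "indirect call must land in TEXT" check.
   Assumes Linux + GNU ld/glibc, which define __executable_start and etext. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char __executable_start[];  /* first byte of the executable's text segment */
extern char etext[];               /* first byte after the text segment */

typedef int (*handler_t)(int);

/* Returns 1 if the call target lies inside the TEXT segment, otherwise 0. */
int in_text_segment(uintptr_t target)
{
    return target >= (uintptr_t)__executable_start && target < (uintptr_t)etext;
}

/* Guarded indirect call: refuses targets outside TEXT (stack, heap, data).
   Returns -1 when the call was blocked, otherwise the handler's result. */
int guarded_call(handler_t fp, int arg)
{
    if (!in_text_segment((uintptr_t)fp)) {
        fprintf(stderr, "blocked indirect call to 0x%lx (outside TEXT)\n",
                (unsigned long)(uintptr_t)fp);
        return -1;
    }
    return fp(arg);
}

/* A legitimate handler that lives in TEXT. */
int double_it(int x) { return 2 * x; }

/* Shows both outcomes: a real function passes, while a pointer that has been
   overwritten to point at a heap buffer is rejected before anything in the
   buffer runs. The heap case is also what breaks programs that emit dynamic
   code, which is the compatibility cost raised in the message above. */
int demo(void)
{
    int ok = guarded_call(double_it, 21);        /* 42 */

    char *buf = calloc(64, 1);                   /* constructed: stands in for smashed pointer target */
    handler_t smashed = (handler_t)(uintptr_t)buf;
    int blocked = guarded_call(smashed, 21);     /* -1, buf is never executed */
    free(buf);
    return ok == 42 && blocked == -1;
}

int main(void) { return demo() ? 0 : 1; }
```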
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:28 PDT