RE: In response to alleged vulnerabilities in Microsoft Visual C++ security checks feature

From: David LeBlanc (dleblancat_private)
Date: Fri Feb 15 2002 - 09:06:01 PST


    > From: Crispin Cowan [mailto:crispinat_private] 
     
    > Funnily enough, this book (published in November 2001) 
    > actually refers to the stack ornaments that provide for overflow detection as 
    > "canaries," a term coined in the StackGuard 1998 paper. See 
    > the book's index and search for "canary" 
    > http://www.microsoft.com/mspress/books/index/5612.asp#Index
     
    I can tell you why this occurred, as I'm the one who wrote that phrase.
    I have followed Stackguard on this mailing list for quite some time
    (dating back to well before I joined Microsoft), and I believe I had a
    brief conversation with you about it at USENIX. In fact, if you search
    on "Cowan" or "Stackguard", you will also find a hit (in the same
    paragraph, actually). It seemed to me to be an appropriate phrase to
    describe the functionality.
    
    The exact quote is:
    
    "Tools exist to make static buffer overruns more difficult to exploit.
    StackGuard, developed by Crispin Cowan and others, uses a test value -
    known as a canary after the miner's practice of taking a canary into a
    coal mine - to make a static buffer overrun much less trivial to
    exploit. Visual C++ .NET incorporates a similar approach."
    
    So the reason I used that exact term is because I was explicitly
    mentioning your application and work. Although a fair bit of the content
    of the book is Windows-centric, I tried to make the sections I wrote
    which applied to all platforms as generic as possible. I felt it would
    be a serious omission to write a chapter on buffer overruns and not
    mention your work.
    
    However, I do not work on the compiler team, and the /GS option was
    implemented before I became aware of it. I have no idea what processes
    went into that.
    
    > If it was independent invention, there are a lot of 
    > surprising coincidences.
    
    The mention of your name in "Writing Secure Code" is not at all related
    to the implementation of the /GS option. I don't think you should find
    it surprising to be mentioned in a chapter about buffer overruns. As a
    former academic, I try and cite relevant work when writing about any
    given area.
    
    David LeBlanc
    dleblancat_private 
    
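The book passage quoted above describes the canary mechanism only in one sentence. The following is an added example, not code from the book, from StackGuard, or from the Visual C++ /GS implementation: it models a stack frame as a byte array (buffer, then canary, then saved return address) so that the overrun stays within defined C behaviour, and shows the prologue/epilogue check that detects an overwrite before the return address is trusted. The fixed canary value, the frame layout and the `frame_intact` function are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout: local buffer, then the canary, then the
 * saved return address. Real compilers place these on the machine
 * stack; modelling the frame as a byte array keeps the overrun inside
 * one object so the demonstration has defined behaviour. */
#define BUF_SIZE   16
#define CANARY_OFF BUF_SIZE
#define RET_OFF    (BUF_SIZE + sizeof(uint32_t))
#define FRAME_SIZE (RET_OFF + sizeof(uintptr_t))

/* Assumed constant for illustration only; StackGuard and /GS use a
 * value that is not predictable by the attacker. */
static const uint32_t CANARY = 0xDEADBEEFu;

/* Simulates one call: the prologue stores the canary, a length-unchecked
 * copy of input_len bytes lands in the buffer, and the epilogue verifies
 * the canary before the saved return address would be used.
 * Returns 1 if the canary is intact, 0 if the copy clobbered it. */
int frame_intact(size_t input_len)
{
    unsigned char frame[FRAME_SIZE];
    unsigned char input[FRAME_SIZE];
    uintptr_t saved_ret = 0;           /* placeholder return address */
    uint32_t seen;

    if (input_len > FRAME_SIZE)
        input_len = FRAME_SIZE;        /* keep the model within its array */
    memset(input, 'A', sizeof input);  /* constructed caller-supplied data */

    /* prologue: canary sits between the locals and the return address */
    memset(frame, 0, sizeof frame);
    memcpy(frame + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(frame + RET_OFF, &saved_ret, sizeof saved_ret);

    /* the static buffer overrun: no check of input_len against BUF_SIZE */
    memcpy(frame, input, input_len);

    /* epilogue: compare the stored canary with the expected value */
    memcpy(&seen, frame + CANARY_OFF, sizeof seen);
    return seen == CANARY;
}

int main(void)
{
    size_t lens[] = { 8, BUF_SIZE, BUF_SIZE + 1, FRAME_SIZE };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("copy of %2zu bytes: canary %s\n", lens[i],
               frame_intact(lens[i]) ? "intact" : "overwritten (abort)");
    return 0;
}
```

A copy of up to BUF_SIZE bytes leaves the canary untouched; one byte more changes the canary, and a real implementation aborts the process at that point instead of returning through the corrupted frame. The check only covers writes that run past the canary, which is why the quoted text says the technique makes exploitation less trivial rather than impossible.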