Bugtraq: Re: Smashing the Stack: prevention?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Smashing the Stack: prevention?

From: snar () CARRIER KIEV UA (Alexander Snarskii)
Date: Mon, 28 Apr 1997 22:29:17 +0300


1.  'you gotta change the code'
        This one is obvious; people must change their SUID programs'
source code to avoid nasty things like gets() sprintf() strcat() and
strcpy() using things like fgets() strncat() strncpy() as substitutes.


Just one more way: replace ususal strcpy/sprintf/strcat
in libc to check stack integrity before exit, and generate
kill(SIGSEGV,getpid()) in case of violations.
That is a 'bad thing' from the performance point of view,
but not so bad (about 1% more time with stack
level 10); and that is not portable - because
stack checker must be written in assembler.

Sometimes ago i propagated such patches to FreeBSD team,
they did'nt commit it. If anyone interested:
ftp://ftp.lucky.net/pub/unix/local/libc-letter.

--
Alexandre Snarskii
the source code is included.

By Date By Thread

Current thread:

Re: Smashing the Stack: prevention?, (continued)
- Re: Smashing the Stack: prevention? Tim Newsham (Apr 27)
- Re: Smashing the Stack: prevention? Joe Zbiciak (Apr 28)
- Re: Smashing the Stack: prevention? Daniel Ryde (Apr 28)
- xlock clarification.... David Hedley (Apr 28)
- Re: Smashing the Stack: prevention? Steve Coleman - SEWP (Apr 28)
- Re: Smashing the Stack: prevention? Alexander Snarskii (Apr 28)
- Re: Smashing the Stack: prevention? Michael Shields (Apr 28)
  - Re: Smashing the Stack: prevention? Theo de Raadt (Apr 28)
- Re: Smashing the Stack: prevention? Shawn Instenes (Apr 29)
- Re: Smashing the Stack: prevention? J.R.Valverde (Apr 28)
- Re: Smashing the Stack: prevention? Randal Schwartz (Apr 28)