Bugtraq
mailing list archives
Re: fixing all buffer overflows --- random magin numbers
From: oxymoron () WASTE ORG (Oliver Xymoron)
Date: Fri, 17 Sep 1999 11:06:38 -0500
On Tue, 14 Sep 1999, Crispin Cowan wrote:
> (post sent as HTML and ASCII because there's a table that's easier to read
> in HTML. Aleph, go ahead and nuke the HTML if you prefer)

Urg. Pine happily munged it on reply:

> The result looks like this:
>
>                Interface                          Implementation
> Restriction    * Firewalls                        * Bounds checking
>                * TCP Wrappers                     * StackGuard
> Permutation    * Randomly renaming system files   * Randomly munging
>                * Randomly renumbering system        data layout
>                  calls (the hack proposed here
>                  by Maniscalco)
>                * Fred Cohen's Deception Toolkit

You missed a couple interesting ones. One is randomly offsetting the
stack. Another is having separate stacks for the call chain and local
variables. Obviously wastes a register (or an indirection), but can
probably be proved secure against stack smashing.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
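
The separate-stacks idea from the message above, as an added example that is not part of the original post: a toy word-addressed machine (every name and constant here is constructed) runs the same unchecked copy once with the return address stored beside the local buffer and once with it on a separate call-chain stack.

```c
#include <stdio.h>
#include <string.h>

/* Toy machine (constructed for illustration): memory is an array of words,
   stacks grow downward, and "addresses" are plain integers. */
#define WORDS     32
#define BUF_WORDS 4
#define RET_ADDR  0x1000u  /* constructed legitimate return address */
#define FILL      0x4141u  /* constructed attacker-controlled word */

typedef struct {
    unsigned data[WORDS];  /* locals (plus return addresses when unified) */
    unsigned calls[WORDS]; /* separate call-chain stack, used when split */
    int sp, csp;           /* stack pointers into data[] and calls[] */
} machine;

/* Simulate: call f(); f copies n input words into a BUF_WORDS local buffer
   with no bounds check; f returns. Result: the address control returns to. */
unsigned call_and_return(int split, int n)
{
    machine m;
    memset(&m, 0, sizeof m);
    m.sp = WORDS;
    m.csp = WORDS;

    /* call: push the return address on whichever stack holds the call chain */
    if (split) m.calls[--m.csp] = RET_ADDR;
    else       m.data[--m.sp]   = RET_ADDR;

    /* prologue: reserve the local buffer on the data stack */
    m.sp -= BUF_WORDS;
    int buf = m.sp;

    /* unchecked copy: writes run upward from buf toward higher addresses */
    for (int i = 0; i < n && buf + i < WORDS; i++)
        m.data[buf + i] = FILL;

    /* epilogue and return: release locals, pop the return address */
    m.sp += BUF_WORDS;
    return split ? m.calls[m.csp++] : m.data[m.sp++];
}

int main(void)
{
    for (int n = BUF_WORDS; n <= BUF_WORDS + 1; n++)
        printf("n=%d unified->0x%x split->0x%x\n", n,
               call_and_return(0, n), call_and_return(1, n));
    return 0;
}
```

In the split layout the overflow still lands in whatever else sits on the local-variable stack; only the call chain is out of its reach.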