Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: In response to alleged vulnerabilities in Microsoft Visual C++ security checks feature
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Fri, 15 Feb 2002 09:06:01 -0800


From: Crispin Cowan [mailto:crispin () wirex com] 
 
Funnily enough, this book (published in November 2001) 
actually refers to the stack ornaments that provide for overflow
detection as 
"canaries," a term coined in the StackGuard 1998 paper. See 
the book's index and search for "canary" 
http://www.microsoft.com/mspress/books/index/5612.asp#Index
 
I can tell you why this occurred, as I'm the one who wrote that phrase.
I have followed Stackguard on this mailing list for quite some time
(dating back to well before I joined Microsoft), and I believe had a
brief conversation with you about it at USENIX. In fact, if you search
on "Cowan" or "Stackguard", you will also find a hit (in the same
paragraph, actually). It seemed to me to be an appropriate phrase to
describe the functionality.

The exact quote is:

"Tools exist to make static buffer overruns more difficult to exploit.
StackGuard, developed by Crispin Cowan and others, uses a test value -
known as a canary after the miner's practice of taking a canary into a
coal mine - to make a static buffer overrun much less trivial to
exploit. Visual C++ .NET incorporates a similar approach."

So the reason I used that exact term is because I was explicitly
mentioning your application and work. Although a fair bit of the content
of the book is Windows-centric, I tried to make the sections I wrote
which applied to all platforms as generic as possible. I felt it would
be a serious omission to write a chapter on buffer overruns and not
mention your work.

However, I do not work on the compiler team, and the /GS option was
implemented before I became aware of it. I have no idea what processes
went into that.

If it was independent invention, there are a lot of 
surprising coincidences.

The mention of your name in "Writing Secure Code" is not at all related
to the implementation of the /GS option. I don't think you should find
it surprising to be mentioned in a chapter about buffer overruns. As a
former academic, I try and cite relevant work when writing about any
given area.

David LeBlanc
dleblanc () mindspring com 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]