Joseph S. D. Yao wrote:
> Apparently, they only protect the return address in the most recent
> stack frame.
That was for protecting with the Pentium debug registers. We also did an
experiment where protection of the return address was done with a special
page-fault handler that we hacked into the kernel:
* make the page non-writable
* record the word you want to write
* trap writes to the return address word and stop them
* trap all other writes to the page and let them write through
In both cases (debug registers, and the page-fault handler) we found that
the overhead costs were ludicrously high, so we stopped development on
that line of work. The canary overheads are quite small, so development
continues.
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
StackGuard: protect your software against Stack Smashing Attack
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
Received on Jul 12 1998
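The canary approach the message says development continued on, as an added worked example that is not part of this post and is not StackGuard's own code: a simulated stack frame (the struct `frame`, `CANARY_VALUE`, `RETURN_SENTINEL`, `run_protected_copy` and `build_overflow` are all constructed for this illustration) holds a local buffer, a canary word, and a saved return address in that order. An unchecked copy overruns the buffer; the canary is verified when the frame is "left", before the saved return address would be used, so the smash is caught without trapping every store to the page the way the page-fault-handler experiment did.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a stack frame laid out the way a compiler would:
 * locals at the lowest address, then the canary word, then the saved
 * return address. This is an illustration, not StackGuard's code. */
struct frame {
    char      buf[16];
    uint32_t  canary;
    uintptr_t saved_ret;
};

/* Fixed canary so the example is deterministic. A real deployment uses a
 * random or "terminator" canary so an attacker cannot simply replay it. */
#define CANARY_VALUE    0xC0FFEE42u
#define RETURN_SENTINEL ((uintptr_t)0x1000) /* stands in for a real return address */

/* Prologue: save the return address and plant the canary just below it. */
static void frame_enter(struct frame *f, uintptr_t ret)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->saved_ret = ret;
}

/* The bug: copies n bytes into buf with no bounds check, so n > 16 runs
 * over the canary and then the saved return address. The write goes
 * through the frame's base pointer so it stays inside the struct object;
 * the clamp only keeps the model itself from writing past the frame. */
static void unsafe_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f + offsetof(struct frame, buf), src, n);
}

/* Epilogue: verify the canary before the saved return address is trusted.
 * Returns 1 if intact, 0 if the frame was smashed. */
static int frame_leave(const struct frame *f)
{
    return f->canary == CANARY_VALUE;
}

/* Run the vulnerable copy inside a protected frame. Returns 1 when the
 * canary survived, 0 when it did not; *ret_out receives whatever return
 * address the frame holds afterwards, so the caller can see what the
 * canary check stopped from being used. */
int run_protected_copy(const unsigned char *src, size_t n, uintptr_t *ret_out)
{
    struct frame f;
    frame_enter(&f, RETURN_SENTINEL);
    unsafe_copy(&f, src, n);
    *ret_out = f.saved_ret;
    return frame_leave(&f);
}

/* Constructed attack payload: filler up to the saved-return-address slot,
 * then the attacker's chosen address. Returns the payload length, or 0
 * if dst is too small. */
size_t build_overflow(unsigned char *dst, size_t cap, uintptr_t fake_ret)
{
    size_t len = offsetof(struct frame, saved_ret) + sizeof fake_ret;
    if (cap < len) return 0;
    memset(dst, 'A', offsetof(struct frame, saved_ret));
    memcpy(dst + offsetof(struct frame, saved_ret), &fake_ret, sizeof fake_ret);
    return len;
}

int main(void)
{
    unsigned char payload[sizeof(struct frame)];
    uintptr_t ret;

    run_protected_copy((const unsigned char *)"hello", 5, &ret);
    printf("benign copy: canary intact, return address %#lx\n",
           (unsigned long)ret);

    size_t n = build_overflow(payload, sizeof payload, (uintptr_t)0x41414141);
    int ok = run_protected_copy(payload, n, &ret);
    printf("overflow: canary %s, frame now holds return address %#lx\n",
           ok ? "intact" : "SMASHED", (unsigned long)ret);
    return 0;
}
```

The point of the layout is that any linear overrun that reaches the saved return address must pass through the canary first, so a single compare at function exit is enough; the cost is one store in the prologue and one compare in the epilogue per call, which is why the message describes canary overhead as small compared with trapping writes through debug registers or a page-fault handler.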