Firewall Wizards mailing list archives

Re: Obtuse smtpd


From: Crispin Cowan <crispin () cse ogi edu>
Date: Thu, 09 Jul 1998 11:53:38 -0700

Joseph S. D. Yao wrote:

> Apparently, they only protect the return address in the most recent
> stack frame.

That was for protecting with the Pentium debug registers.  We also did an
experiment where protection of the return address was done with a special
page-fault handler that we hacked into the kernel:

   * make the page non-writable
   * record the word you want to write
   * trap writes to the return address word and stop them
   * trap all other writes to the page and let them write through

In both cases (debug registers, and the page-fault handler) we found that
the overhead costs were ludicrously high, so we stopped development on
that line of work.  The canary overheads are quite small, so development
continues.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    StackGuard: protect your software against Stack Smashing Attack
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

                 Support Justice:  Boycott Windows 98
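The four-step page-fault scheme listed in the message, as an added user-space sketch for Linux; it is not code from the post or from StackGuard. A `SIGSEGV` handler stands in for the kernel page-fault handler, an `mmap`'d page for a stack page, and `try_store`, `guarded` and the value `0x1234` are constructed names and data. Assumptions: stores are word-aligned, calling `mprotect` from the handler is acceptable on Linux, and the page is re-protected in `try_store` rather than by single-stepping.

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *page;          /* stands in for one stack page */
static size_t page_size;
static volatile uintptr_t *guarded;  /* stands in for the return-address word */
static volatile int traps, blocked;
static sigjmp_buf resume;

static void on_fault(int sig, siginfo_t *si, void *uc) {
    unsigned char *addr = si->si_addr;
    if (addr < page || addr >= page + page_size) _exit(2); /* unrelated fault */
    traps++;                          /* every write to the page lands here */
    if (addr == (unsigned char *)guarded) { blocked++; siglongjmp(resume, 1); }
    mprotect(page, page_size, PROT_READ | PROT_WRITE); /* retried store succeeds */
}

/* Returns 1 if the store was let through, 0 if it was stopped. */
static int try_store(volatile uintptr_t *dst, uintptr_t v) {
    volatile int done = 0;
    if (sigsetjmp(resume, 1) == 0) { *dst = v; done = 1; }
    mprotect(page, page_size, PROT_READ);  /* re-arm the trap */
    return done;
}

static int guard_setup(void) {
    struct sigaction sa = {0};
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    page = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    guarded = (volatile uintptr_t *)page + 8;     /* record the word to protect */
    *guarded = 0x1234;                            /* constructed "return address" */
    sa.sa_sigaction = on_fault; sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect(page, page_size, PROT_READ);  /* make the page non-writable */
}

/* n ordinary stores to the page, then one aimed at the guarded word; returns traps. */
static int run_demo(int n) {
    if (guard_setup() != 0) return -1;
    volatile uintptr_t *w = (volatile uintptr_t *)page;
    for (int i = 0; i < n; i++) try_store(&w[i % 8], (uintptr_t)i);
    try_store(guarded, 0xdeadbeef);
    return traps;
}

int main(void) { return run_demo(1000) == 1001 && blocked == 1 ? 0 : 1; }
```

Every store to the page takes a fault, not only the one aimed at the guarded word, so the trap count equals the total number of stores.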



