* Defending against buffer overflows.
@ 2000-02-18 14:21 Ronald F. Guilmette
2000-02-21 7:24 ` Bill C Riemers
2000-04-01 0:00 ` Ronald F. Guilmette
0 siblings, 2 replies; 4+ messages in thread
From: Ronald F. Guilmette @ 2000-02-18 14:21 UTC (permalink / raw)
To: freebsd-hackers, gnu-gcc
My attention has just been called to:
http://immunix.org/StackGuard/mechanism.html
Given all of the buffer overrun vulnerabilities that have been found in
various network daemons over time, this seems like a worthwhile sort of
technique to apply when compiling, in particular, network daemons and/or
servers.
I don't entirely agree with this fellow's approach however. I think that
the ``canary'' word should be located at the bottom end of the current
stack frame, i.e. in a place where no buffer overrun could possibly clobber
it.
Seems to me that this would be a nice and useful little enhancement for gcc.
I wouldn't mind having something like a -fbuffer-overrun-checks option for
gcc, and I would definitely use it when compiling network daemons.
Anybody else got an opinion?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Defending against buffer overflows.
2000-02-18 14:21 Defending against buffer overflows Ronald F. Guilmette
@ 2000-02-21 7:24 ` Bill C Riemers
2000-04-01 0:00 ` Bill C Riemers
2000-04-01 0:00 ` Ronald F. Guilmette
1 sibling, 1 reply; 4+ messages in thread
From: Bill C Riemers @ 2000-02-21 7:24 UTC (permalink / raw)
To: Ronald F. Guilmette; +Cc: freebsd-hackers, gnu-gcc
"Ronald F. Guilmette" wrote:
>
> My attention has just been called to:
>
> http://immunix.org/StackGuard/mechanism.html
>
> Given all of the buffer overrun vulnerabilities that have been found in
> various network daemons over time, this seems like a worthwhile sort of
> technique to apply when compiling, in particular, network daemons and/or
> servers.
>
> I don't entirely agree with this fellow's approach however. I think that
> the ``canary'' word should be located at the bottom end of the current
> stack frame, i.e. in a place where no buffer overrun could possibly clobber
> it.
>
> Seems to me that this would be a nice and useful little enhancement for gcc.
> I wouldn't mind having something like a -fbuffer-overrun-checks option for
> gcc, and I would definitely use it when compiling network daemons.
>
> Anybody else got an opinion?
Most tools like, electric fens, purify, ... Do the same type of trick.
It does slightly change the behavior of the code, so some bugs that appear
without doing such a trick won't appear with it, and of course visa versa.
The most significant effect is the changes as to when 'really' will not
be able to grow the buffer...
Overall, I think it is a good idea. It definitely should not be done
behind a user's back, but a compiler option to enable it as part of debugging
is probably a good idea.
Bill
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Defending against buffer overflows.
2000-02-21 7:24 ` Bill C Riemers
@ 2000-04-01 0:00 ` Bill C Riemers
0 siblings, 0 replies; 4+ messages in thread
From: Bill C Riemers @ 2000-04-01 0:00 UTC (permalink / raw)
To: Ronald F. Guilmette; +Cc: freebsd-hackers, gnu-gcc
"Ronald F. Guilmette" wrote:
>
> My attention has just been called to:
>
> http://immunix.org/StackGuard/mechanism.html
>
> Given all of the buffer overrun vulnerabilities that have been found in
> various network daemons over time, this seems like a worthwhile sort of
> technique to apply when compiling, in particular, network daemons and/or
> servers.
>
> I don't entirely agree with this fellow's approach however. I think that
> the ``canary'' word should be located at the bottom end of the current
> stack frame, i.e. in a place where no buffer overrun could possibly clobber
> it.
>
> Seems to me that this would be a nice and useful little enhancement for gcc.
> I wouldn't mind having something like a -fbuffer-overrun-checks option for
> gcc, and I would definitely use it when compiling network daemons.
>
> Anybody else got an opinion?
Most tools like, electric fens, purify, ... Do the same type of trick.
It does slightly change the behavior of the code, so some bugs that appear
without doing such a trick won't appear with it, and of course visa versa.
The most significant effect is the changes as to when 'really' will not
be able to grow the buffer...
Overall, I think it is a good idea. It definitely should not be done
behind a user's back, but a compiler option to enable it as part of debugging
is probably a good idea.
Bill
^ permalink raw reply [flat|nested] 4+ messages in thread
* Defending against buffer overflows.
2000-02-18 14:21 Defending against buffer overflows Ronald F. Guilmette
2000-02-21 7:24 ` Bill C Riemers
@ 2000-04-01 0:00 ` Ronald F. Guilmette
1 sibling, 0 replies; 4+ messages in thread
From: Ronald F. Guilmette @ 2000-04-01 0:00 UTC (permalink / raw)
To: freebsd-hackers, gnu-gcc
My attention has just been called to:
http://immunix.org/StackGuard/mechanism.html
Given all of the buffer overrun vulnerabilities that have been found in
various network daemons over time, this seems like a worthwhile sort of
technique to apply when compiling, in particular, network daemons and/or
servers.
I don't entirely agree with this fellow's approach however. I think that
the ``canary'' word should be located at the bottom end of the current
stack frame, i.e. in a place where no buffer overrun could possibly clobber
it.
Seems to me that this would be a nice and useful little enhancement for gcc.
I wouldn't mind having something like a -fbuffer-overrun-checks option for
gcc, and I would definitely use it when compiling network daemons.
Anybody else got an opinion?
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2000-04-01 0:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2000-02-18 14:21 Defending against buffer overflows Ronald F. Guilmette
2000-02-21 7:24 ` Bill C Riemers
2000-04-01 0:00 ` Bill C Riemers
2000-04-01 0:00 ` Ronald F. Guilmette
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).