Neat idea.
But, couldn't someone just take a common binary (say ls) that exists
on the target system and reverse engineer it and begin to make a mapping
of numbers to syscalls.
Nick Maniscalco
At 09:37 PM 9/11/99 -0400, Dr. Joel M. Hoffman wrote:
>I was thinking --- it wouldn't be too hard to make buffer overflow
>attacks impossible. The basic idea is to do away with binary
>compatibility.
>
>In particular, I was thinking that part of building a kernel would
>involve assigning a random number to each syscall, and creating a
>syscall.h file with these random numbers. A binary would only run if
>it was compiled with the proper syscall.h, so all binaries would have
>to be recompiled for the new kernel, but then, syscall.h could be
>removed, and the system would be impervious to buffer overflow
>attacks. (One step further would involve random magic numbers in
>every function call.)
>
>I would be happy to give up binary compatilibyt for the added security
>it would add.
>
>Comments?
>
>-Joel Hoffman
>([EMAIL PROTECTED])
>
