On Thu, 11 Mar 2004 10:15, Matthew Gregan wrote: > On Thu, Mar 11, 2004 at 09:31:51AM +0100, Hugh McColl wrote: > > There are lots of software solutions. Even Microsoft's Visual C > compiler has an option that places a canary on the stack to detect the > function's return address has been overwritten. These solutions raise > the bar, a little[0],
Yes, I came across the phrak article[0] when evaluating StackGuard and StackShield for our own use a couple of years ago. I came across the IBM stack protection method in the URL I quoted this evening. This improves on StackGuard and as far as can tell, can prevent the phrak exploits (refer to 'Comparison of Protection Techniques' in the article) http://www.trl.ibm.com/projects/security/ssp/ > but they don't solve the problem. I have never claimed they do. Such security features are part of the protection mechanisms in a computing system (hardware, firmware or software) resonsible for enforcing a security policy - nothing more!! > > Gentoo would be an ideal distro for hardening with Stack Smashing > > Protection: http://www.gentoo.org/proj/en/hardened/propolice.xml > > Just rebuilding your current distribution with StackGuard or Propolice > won't buy you much. You're better off investigating a more thorough > treatment of building a secure operating system distribution[1234]. I agree entirely! I probably should have posted your reference [4] below on 'Gentoo Hardening' rather than the propolice 'sub project'. I only quoted the 'sub project' because it was relevant to the specific 'sub topic' of this thread I was responding to. > [0] http://www.phrack.org/phrack/56/p56-0x05 > [1] http://www.openbsd.org/ > [2] http://www.adamantix.org/ > [3] http://www.trustedbsd.org/ > [4] http://www.gentoo.org/proj/en/hardened/
