On Thu, 11 Mar 2004 10:15, Matthew Gregan wrote:
> On Thu, Mar 11, 2004 at 09:31:51AM +0100, Hugh McColl wrote:
>
> There are lots of software solutions.  Even Microsoft's Visual C
> compiler has an option that places a canary on the stack to detect the
> function's return address has been overwritten.  These solutions raise
> the bar, a little[0], 

Yes, I came across the phrak article[0]  when evaluating StackGuard and 
StackShield for our own use a couple of years ago. I came across the IBM 
stack protection method in the URL I quoted this evening. This improves on 
StackGuard and as far as can tell, can prevent the phrak exploits (refer to 
'Comparison of Protection Techniques' in the article)

http://www.trl.ibm.com/projects/security/ssp/

> but they don't solve the problem.

I have never claimed they do. Such security features are part of the 
protection mechanisms in a computing system (hardware, firmware or software)  
resonsible for enforcing a security policy - nothing more!! 

> > Gentoo would be an ideal distro for hardening with Stack Smashing
> > Protection: http://www.gentoo.org/proj/en/hardened/propolice.xml
>
> Just rebuilding your current distribution with StackGuard or Propolice
> won't buy you much.  You're better off investigating a more thorough
> treatment of building a secure operating system distribution[1234].

I agree entirely! 

I probably should have posted your reference [4] below on 'Gentoo Hardening' 
rather than the propolice 'sub project'. I only quoted the 'sub project' 
because it was relevant to the specific 'sub topic' of this thread I was 
responding to.

> [0] http://www.phrack.org/phrack/56/p56-0x05
> [1] http://www.openbsd.org/
> [2] http://www.adamantix.org/
> [3] http://www.trustedbsd.org/
> [4] http://www.gentoo.org/proj/en/hardened/


Reply via email to