On Thu, Mar 11, 2004 at 11:56:00AM +0100, Hugh McColl wrote: > What processors are you including here? I'm interested to know how > would you prevent stack-buffer overrun exploits at the O/S level on an > x86 architecture, if you believe this is practical? Are you assuming > compiler support??
Take a look at the references below. PaX (a patch for the Linux kernel) tends to be more x86-centric than the work the OpenBSD developers have done. In brief, a number of techniques have been developed to work in tandem to provide the sort of functionality we're talking about. - By default, the kernel will make sure writable pages are not executable. - Alter the kernel memory allocator to place read-only guard pages between allocated segments. - The dynamic linker loads shared objects at randomized addresses--makes return-to-libc exploits harder. - Compiler support for placing canaries on the stack, e.g. StackGuard/Propolice. ...and all of this is just to raise the bar for exploitation of heap or stack smashing exploits--it does nothing for other aspects of the security of the OS. Note that this is not a complete list--there are at least three other Linux projects working on similar things to the PaX people. [0] http://pax.grsecurity.net/docs/index.html [1] http://openbsd.org/papers/csw03.mgp Cheers, -mjg -- Matthew Gregan |/ /| [EMAIL PROTECTED]
