On Thu, Mar 11, 2004 at 11:56:00AM +0100, Hugh McColl wrote:

> What processors are you including here? I'm interested to know how
> would you prevent stack-buffer overrun exploits at the O/S level on an
> x86 architecture, if you believe this is practical? Are you assuming
> compiler support??

Take a look at the references below.  PaX (a patch for the Linux kernel)
tends to be more x86-centric than the work the OpenBSD developers have
done.

In brief, a number of techniques have been developed to work in tandem
to provide the sort of functionality we're talking about.

- By default, the kernel will make sure writable pages are not executable.
- Alter the kernel memory allocator to place read-only guard pages between
  allocated segments.
- The dynamic linker loads shared objects at randomized addresses--makes
  return-to-libc exploits harder.
- Compiler support for placing canaries on the stack, e.g.
  StackGuard/Propolice.

...and all of this is just to raise the bar for exploitation of heap or
stack smashing exploits--it does nothing for other aspects of the
security of the OS.

Note that this is not a complete list--there are at least three other
Linux projects working on similar things to the PaX people.

[0] http://pax.grsecurity.net/docs/index.html
[1] http://openbsd.org/papers/csw03.mgp

Cheers,
-mjg
-- 
Matthew Gregan                     |/
                                  /|                [EMAIL PROTECTED]

Reply via email to