WinXP SP2 Non executable stack

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    WinXP SP2 Non executable stack

    Ok, so I've been reading on the upcoming SP2 for XP (wonder if it'll apply to Server 2003 too... anyways) and I see that they're introducing stack protection features (non executable stack...) which I think is *really* interesting when you consider that other security oriented OSes, like OpenBSD, just committed to these security features in their latest versions...

    Does anyone have more details on the exact implementations they're using for stack protection?

    While MS's reputation for security is less than great, to me this seems like an important step forward... What do you all make of it?

    Ammo
    Credit travels up, blame travels down -- The Boss

  2. #2
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Did you check out m$'s docs on it? I haven't read up on it as of yet... but will do so shortly.

    Sorry I don't have any more to add at this time.

    Check out the following doc.

    http://msdn.microsoft.com/library/de...ityinxpsp2.asp
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you read it there's a _lot_ of good in that.... Does it mean that M$ will become impregnable???? Not a chance.... But it's a serious attempt at restricting the "lame" from simply exploiting "any old box that is connected to the net".

    I offer applause to M$..... Even if that applause may not be deafening.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If it's the same stuff that's built into W2K3 David Litchfield already defeated it. You can read his paper here.

    I guess it'll thwart textbook buffer-overflows but anybody above a scriptkiddie in larval stage is probably able to circumvent it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    52
    I think you're all just looking for someone to blame and give your life and choice of hobby meaning.

    If the other guys only just started doing it then MS ain't that far behind. What they done wrong, they are improving.. dammit at least it works. I still can't find a fix to my linux problem

  6. #6
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by ghostofanonion
    I think you're all just looking for someone to blame and give your life and choice of hobby meaning.

    If the other guys only just started doing it then MS ain't that far behind. What they done wrong, they are improving.. dammit at least it works. I still can't find a fix to my linux problem
    You sound like Jorge Lopez. You aren't by any chance him, are you?

    http://www.divisiontwo.com/articles/mcse2.htm

    (I "borrowed" that link from someone in GCC)
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Talk about a biased article sjees. It's also riddled with FUD.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by SirDice
    If it's the same stuff that's built into W2K3 David Litchfield already defeated it. You can read his paper here.

    I guess it'll thwart textbook buffer-overflows but anybody above a scriptkiddie in larval stage is probably able to circumvent it.
    Correct me if I'm wrong, but I don't think W2K3 has the non-exec stack; it only was compiled with the stack-guard-like feature (/gs switch) of MS's compiler. At least the author of that paper doesn't mention either...

    Besides, you'll have to admit that writing an exploit for something compiled with this feature is much harder than just sending a bunch of NOOPs, jump and a piece of shell code...

    And with a non-exec stack and heap this becomes even more difficult...

    Still, how many other OSes use nx stacks and stack protecting compilers by default? Only one I know of is OpenBSD (maybe trustix and/or trusted solaris?)
    Anyways, we all know no security is absolute...


    Ammo
    Credit travels up, blame travels down -- The Boss

  9. #9
    Member
    Join Date
    Dec 2003
    Posts
    52
    Whoever that Joge Lope dude is I probably ain't him, at least not to my knowledge. BTW I have got linux working.. I still think it sux... Maybe when I get it properly configured I might be happy, but I doubt it

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by ammo
    Correct me if I'm wrong, but I don't think W2K3 has the non-exec stack; it only was compiled with the stack-guard-like feature (/gs switch) of MS's compiler. At least the author of that paper doesn't mention either...
    I think you're right. AFAIK it uses a canary (MS calls it a cookie) based protection.


    Besides, you'll have to admit that writing an exploit for something compiled with this feature is much harder than just sending a bunch of NOOPs, jump and a piece of shell code...
    Like I said, it'll prevent textbook buffer-overflows.


    And with a non-exec stack and heap this becomes even more difficult...
    Not really. Read Non-Stack overflows on Windows also by David Litchfield.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
