Thread: Stackguarding

  1. #1

    Stackguarding



    Here is the paper I am reading:
    http://www.nsa.gov/snac/support/WORMPAPER.pdf

    It speaks of a layer of protection called "stackguarding". What it does is offer protection by making software resistant to buffer overflows. I am trying to research this further, but I don't see much of it available. Do any of you have experience with stackguarding? What I'm trying to find out is if this will cover applications with vulnerabilities written in languages like C, or if stackguarding just means using languages that will manage memory automatically like Java and C#. If there is software available that will stackguard software with preexisting buffer overflows (already compiled in a language like C), I think it would be valuable, and I'd like to hear of some.

    Thanks!

  2. #2
    Stackguard is a compiler that simply protects apps compiled with it from stack smashing attacks (buffer overflows and the like).

    http://www.cse.ogi.edu/DISC/projects...ix/StackGuard/
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Ok, so it needs to be compiled with Stackguard to receive that layer of protection. What would something be called that monitors or protects a binary from this sort of attack, if one exists?

    Pretend you have a server, all of a sudden you learn it is vulnerable to a buffer overflow. A patch is due out in a week, and you cannot risk being exploited in the week. However, you are forced to keep the server up (for w/e reason).

    Is there any software available that you could run the server under that would help prevent it from being exploited? (Pretending that you can't stop the attack at the firewall or elsewhere)

    If that makes no sense or doesn't exist for a specific reason, then I'd like to know why.

    Thanks!

  4. #4
    Maestr0

    Stackguard

    Yes, some sort of stack protection could help your vulnerable service (it sure won't hurt). However, like everything in the security world, there is no end-all solution. I'm not an expert by any means on the subject, but most stack guarding I've seen revolves around the compiler placing a canary next to the return addresses on the stack. The idea being if someone smashes the stack they overwrite the canary and the code becomes non-executable. This will prevent many of the standard buffer overflows from succeeding but is not undefeatable. David Litchfield wrote a great paper about defeating the Win2k3 version of stackguard.

    -Maestr0


    http://www.cs.jhu.edu/~rubin/courses...stackguard.pdf
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
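
The canary placement discussed in this thread, as an added example that is not part of any post and is not StackGuard's own code: a simulated frame with a canary between the buffer and the saved return address, checked before "returning". The struct layout, the names `guarded_copy` and `process_canary`, and the canary value are assumptions made for illustration; a compiler-protected build terminates the process on a failed check, whereas this sketch reports it through a return value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame (hypothetical layout): the canary sits between the
 * local buffer and the saved return address, so a contiguous overflow of
 * buf has to pass through it before it can reach saved_ret. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

/* Constructed value; a real implementation picks a random one per process. */
static const uintptr_t process_canary = (uintptr_t)0x5a17c0de;

/* Models a function with an unchecked copy into buf.
 * Returns 0 if the canary is intact at the epilogue, 1 if it was altered.
 * Writes are clamped to the struct so the simulation stays memory-safe. */
int guarded_copy(const void *input, size_t len, uintptr_t ret_addr) {
    struct frame f;
    f.canary = process_canary;        /* prologue: place the canary */
    f.saved_ret = ret_addr;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);           /* the bug: len is not checked against buf */
    if (f.canary != process_canary)   /* epilogue: verify before using saved_ret */
        return 1;
    return 0;
}

int main(void) {
    char input[32];                   /* constructed sample input */
    memset(input, 'A', sizeof input);
    printf("16 bytes (fits buf):   %d\n", guarded_copy(input, 16, 0x1000));
    printf("17 bytes (1 over):     %d\n", guarded_copy(input, 17, 0x1000));
    printf("32 bytes (whole frame): %d\n", guarded_copy(input, sizeof input, 0x1000));
    return 0;
}
```

The check only fires when the function is about to return, and only for writes that cross the canary; corruption that stays inside the buffer's neighbours below the canary is not seen by it.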
