Stackguarding

Printable View

November 21st, 2004, 05:36 AM
Soda_Popinsky

Stackguarding

:hello:

Here is the paper I am reading:
http://www.nsa.gov/snac/support/WORMPAPER.pdf

It speaks of a layer of protection called "stackguarding". What it does is offer protection by making software resistant to buffer overflows. I am trying to research this further, but I don't see much of it available. Do any of you have experience with stackguarding? What I'm trying to find out is if this will cover applications with vulnerabilities written in languages like c, or if stackguarding just means using languages that will manage memory automatically like Java and C#. If there is software available that will stackguard software with prexisting buffer overflows (already compiled in a language like c), I think it would be valuable, and I'd like to hear of some.

Thanks!
November 21st, 2004, 06:08 AM
chsh

Stackguard is a compiler that simply protects apps compiled with it from stack smashing attacks (buffer overflows and the like).

http://www.cse.ogi.edu/DISC/projects...ix/StackGuard/
November 21st, 2004, 07:28 AM
Soda_Popinsky

Ok, so it needs to be compiled with Stackguard to receive that layer of protection. What would something be called that monitors or protects a binary from this sort of attack, if one exists?

Pretend you have a server, all of a sudden you learn it is vulnerable to a buffer overflow. A patch is due out in a week, and you cannot risk being exploited in the week. However, you are forced to keep the server up (for w/e reason).

Is there any software available that you could run the server under that would help prevent it from being exploited? (Pretending that you can't stop the attack at the firewall or elsewhere)

If that makes no sense or doesn't exist for a specific reason, then I'd like to know why.

Thanks!
November 21st, 2004, 08:45 AM
Maestr0

Stackguard

Yes, some sort of stack protection could help your vulnerable service (It sure wont hurt). However, like everything in the security world, there is no end all solution. I'm not an expert by any means on the subject but most stack guarding I've seen revolves around the compiler placing a canary next to the return addresses on the stack. The idea being if someone smashes the stack they overwrite the canary and the code becomes non-executable. This will prevent many of the stanard buffer overflows from succeeding but is not undefeatable.David Litchfield wrote a great paper about defating the Win2k3 version of stackguard.

-Maestr0

http://www.cs.jhu.edu/~rubin/courses...stackguard.pdf