-
December 11th, 2003, 11:07 PM
#1
WinXP SP2 Non executable stack
Ok, so I've been reading on the upcoming SP2 for XP (wonder if it'll apply to Server 2003 too... anyways) and I see that they're introducing stack protection features (non executable stack...) which I think is *really* interesting when you consider that other security oriented OSes, like OpenBSD, just committed to these security features in their latest versions...
Does anyone have more details on the exact implementations they're using for stack protection?
While MS's reputation for security is less than great, to me this seems like an important step forward... What do you all make of it?
Ammo
Credit travels up, blame travels down -- The Boss
-
December 12th, 2003, 12:13 AM
#2
Did you check out m$'s docs on it? I haven't read up on it as of yet... but will do so shortly.
Sorry I don't have any more to add at this time.
Check out the following doc.
http://msdn.microsoft.com/library/de...ityinxpsp2.asp
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
December 12th, 2003, 12:36 AM
#3
If you read it there's a _lot_ of good in that.... Does it mean that M$ will become impregnable???? Not a chance.... But it's a serious attempt at restricting the "lame" from simply exploiting "any old box that is connected to the net".
I offer applause to M$..... Even if that applause may not be deafening.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
December 12th, 2003, 01:40 PM
#4
If it's the same stuff that's built into W2K3 David Litchfield already defeated it. You can read his paper here.
I guess it'll thwart textbook buffer-overflows but anybody above a scriptkiddie in larval stage is probably able to circumvent it.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 12th, 2003, 01:49 PM
#5
Member
I think you're all just looking for someone to blame and give your life and choice of hobby meaning.
If the other guys only just started doing it then MS ain't that far behind. What they done wrong, they are improving.. dammit at least it works. I still can't find a fix to my linux problem
-
December 12th, 2003, 03:01 PM
#6
Originally posted here by ghostofanonion
I think you're all just looking for someone to blame and give your life and choice of hobby meaning.
If the other guys only just started doing it then MS ain't that far behind. What they done wrong, they are improving.. dammit at least it works. I still can't find a fix to my linux problem
You sound like Jorge Lopez. You aren't by any chance him, are you?
http://www.divisiontwo.com/articles/mcse2.htm
(I "borrowed" that link from someone in GCC)
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
December 12th, 2003, 03:08 PM
#7
Talk about a biased article sjees. It's also riddled with FUD.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 12th, 2003, 04:39 PM
#8
Originally posted here by SirDice
If it's the same stuff that's built into W2K3 David Litchfield already defeated it. You can read his paper here.
I guess it'll thwart textbook buffer-overflows but anybody above a scriptkiddie in larval stage is probably able to circumvent it.
Correct me if I'm wrong, but I don't think W2K3 has the non-exec stack; it only was compiled with the stack-guard-like feature (/gs switch) of MS's compiler. At least the author of that paper doesn't mention either...
Besides, you'll have to admit that writing an exploit for something compiled with this feature is much harder than just sending a bunch of NOOPs, jump and a piece of shell code...
And with a non-exec stack and heap this becomes even more difficult...
Still, how many other OSes use nx stacks and stack protecting compilers by default? Only one I know of is OpenBSD (maybe trustix and/or trusted solaris?)
Anyways, we all know no security is absolute...
Ammo
Credit travels up, blame travels down -- The Boss
-
December 13th, 2003, 03:52 PM
#9
Member
Whoever that Joge Lope dude is I probably ain't him, at least not to my knowledge. BTW I have got linux working.. I still think it sux... Maybe when I get it properly configured I might be happy, but I doubt it
-
December 15th, 2003, 05:00 PM
#10
Originally posted here by ammo
Correct me if I'm wrong, but I don't think W2K3 has the non-exec stack; it only was compiled with the stack-guard-like feature (/gs switch) of MS's compiler. At least the author of that paper doesn't mention either...
I think you're right. AFAIK it uses a canary (MS calls it a cookie) based protection.
Besides, you'll have to admit that writing an exploit for something compiled with this feature is much harder than just sending a bunch of NOOPs, jump and a piece of shell code...
Like I said, it'll prevent textbook buffer-overflows.
And with a non-exec stack and heap this becomes even more difficult...
Not really. Read Non-Stack overflows on Windows also by David Litchfield.
Oliver's Law:
Experience is something you don't get until just after you need it.
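The canary ("cookie") check discussed in posts #8 and #10, as an added simulation in C; it is not part of the original thread and not Microsoft's implementation. The frame layout, the fixed cookie value and all names (`sim_frame`, `run_case`, and so on) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame, low to high: buffer, cookie, saved return (constructed). */
struct sim_frame {
    unsigned char buf[16];
    unsigned char cookie[8];
    unsigned char saved_ret[8];
};

/* A real cookie is chosen at process start; fixed here for repeatability. */
static const uint64_t PROCESS_COOKIE = 0x00C0FFEE5EED1234ULL;
static const uint64_t ORIGINAL_RET   = 0x0000000000401000ULL;

/* Prologue: place the cookie between the locals and the return slot. */
static void frame_enter(struct sim_frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    memcpy(f->cookie, &PROCESS_COOKIE, sizeof f->cookie);
    memcpy(f->saved_ret, &ORIGINAL_RET, sizeof f->saved_ret);
}

/* Stand-in for an unchecked copy into buf: writes n bytes from the start of
   the frame. Clamped to the simulated frame so the demo stays well defined. */
static void unchecked_fill(struct sim_frame *f, unsigned char byte, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memset(f, byte, n);
}

/* Epilogue check: 1 if the cookie is intact, 0 if the process would abort. */
static int cookie_intact(const struct sim_frame *f) {
    return memcmp(f->cookie, &PROCESS_COOKIE, sizeof f->cookie) == 0;
}

/* Bitmask result: bit 0 = return slot changed, bit 1 = cookie check failed. */
int run_case(size_t n) {
    struct sim_frame f;
    frame_enter(&f);
    unchecked_fill(&f, 'A', n);
    int ret_changed = memcmp(f.saved_ret, &ORIGINAL_RET, sizeof f.saved_ret) != 0;
    return ret_changed | (cookie_intact(&f) ? 0 : 2);
}

int main(void) {
    size_t lens[] = {8, 16, 20, 32};
    for (size_t i = 0; i < 4; i++)
        printf("n=%zu -> mask %d\n", lens[i], run_case(lens[i]));
    return 0;
}
```

The simulation covers only a contiguous write that passes through the cookie on its way to the return slot; it does not model the non-executable stack.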