This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Return address checking for buffer overflow exploit
- From: markw <markw at mohawksoft dot com>
- To: gcc at gcc dot gnu dot org
- Date: Sun, 27 Apr 2003 11:05:41 -0400
- Subject: Return address checking for buffer overflow exploit
I had an idea, I'm not sure how practical it would be to implement, but....
On functions which allocate arrays on the stack, have the option of
inserting return address checking. This should be effective because it
works "pre-exploit."
The idea is that one of the ways an exploit gains control is to send
data which overwrites the return address and thus transfers control to
foreign code. On functions with return address checking, this would
cause the program to assert and fail.
If some compiler flag is set, i.e. --with-return-address-checking, functions
which declare an automatic array will add one more invisible automatic
variable below all the arrays, which contains either a checksum or the
actual return address. Upon return, this variable is checked against the
intended return address; if they are not the same, an assert error is
raised and the program exits.
This could be implemented with varying degrees, i.e. every function
could check the return address or only functions with automatic arrays.
Pragmas can also be used to force certain functions either to have or
not have the checking.
#pragma check_return_address
#pragma nocheck_return_address
What do you guys think?
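The check proposed above, written out by hand in C as an added example (it is not code from the mail or from GCC): an "invisible" local records the real return address at entry and the epilogue compares it with the address about to be used. It assumes GCC or Clang for __builtin_return_address(); the macro and function names are invented for illustration, and the frame layout is left to the compiler rather than guaranteed as the proposal would have it.

```c
/* Added example, not from the original mail: hand-inserted version of the
 * return-address check the proposal wants the compiler to emit. Requires
 * GCC or Clang for __builtin_return_address(). Names are invented here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counts detected mismatches so a caller can observe them before abort(). */
static int ret_check_failures = 0;

/* The epilogue check: compare the return address recorded at entry with the
 * one the function is about to return through. Returns 1 on match, 0 if the
 * address was modified while the function ran. */
static int check_return_address(const void *saved, const void *current)
{
    if (saved == current)
        return 1;
    ret_check_failures++;
    fprintf(stderr, "return address check failed: expected %p, found %p\n",
            saved, current);
    return 0;
}

/* Entry: the invisible local holding the intended return address, declared
 * before the arrays so the compiler may place it "below" them in the frame
 * (real placement is the compiler's choice; the proposal would fix it). */
#define RET_CHECK_ENTER() void *ret_check_saved__ = __builtin_return_address(0)
/* Exit: fail hard before the ret instruction would use a modified address. */
#define RET_CHECK_LEAVE()                                              \
    do {                                                               \
        if (!check_return_address(ret_check_saved__,                   \
                                  __builtin_return_address(0)))        \
            abort();                                                   \
    } while (0)

/* A function with an automatic array, the kind the proposal targets.
 * The copy is bounded, so the check passes and the length is returned. */
int copy_and_count(const char *src)
{
    RET_CHECK_ENTER();
    char buf[32];
    strncpy(buf, src, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    int n = (int)strlen(buf);
    RET_CHECK_LEAVE();
    return n;
}

int main(void)
{
    printf("copied %d bytes, check passed\n", copy_and_count("hello, world"));
    return 0;
}
```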