This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: StackGouard

To: den at ftp dot loxinfo dot co dot th (Densin Roy.)
Subject: Re: StackGouard
From: Joe Buck <jbuck at synopsys dot com>
Date: Thu, 30 Jul 98 8:04:27 PDT
Cc: egcs at cygnus dot com


> 	Dear
> 	Can this project will be in egcs-project for more security
> 	when compile setuid/daemon binary.
> 
> 	http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard

If someone officially contributed it (with the legal papers), it could
be.  But I think that the approach as described is limited.  It protects
the return address only, but many stack-smashing exploits are really
trying to change some other data.

The problem is that the authors did not think about how the bad guys
will respond to the wide availability of StackGuard.  It defeats attacks
designed for the original programs, but didn't ask or answer the question
of whether the attacks couldn't simply be redesigned to kill the modified
versions.

References:
- StackGouard
  - From: Densin Roy.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]