This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: StackGouard
- To: den at ftp dot loxinfo dot co dot th (Densin Roy.)
- Subject: Re: StackGouard
- From: Joe Buck <jbuck at synopsys dot com>
- Date: Thu, 30 Jul 98 8:04:27 PDT
- Cc: egcs at cygnus dot com
> Dear
> Can this project be in egcs-project for more security
> when compiling setuid/daemon binaries?
>
> http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard

If someone officially contributed it (with the legal papers), it could
be. But I think that the approach as described is limited. It protects
the return address only, but many stack-smashing exploits are really
trying to change some other data.

The problem is that the authors did not think about how the bad guys
will respond to the wide availability of StackGuard. It defeats attacks
designed for the original programs, but didn't ask or answer the question
of whether the attacks couldn't simply be redesigned to kill the modified
versions.
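
Added example, not part of the original message and not StackGuard's own code: a constructed C model of the limitation described above, where a guard word in front of the return address stays intact while data next to the buffer is changed, next to the same copy with a bounds check. The frame layout, the field names and the constant values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame, lowest address first. Real
   compilers choose their own layout; this ordering is an assumption. */
struct frame {
    char     name[8];   /* buffer filled from untrusted input */
    uint32_t is_admin;  /* other data that sits next to the buffer */
    uint32_t canary;    /* guard word in front of the return address */
    uint32_t ret_addr;  /* saved return address (modelled as a value) */
};

#define CANARY 0x000aff0dU  /* constructed guard value */
#define RET    0x08048abcU  /* constructed return address */

enum { CANARY_OK = 1, FLAG_CHANGED = 2, RET_CHANGED = 4 };

/* Copy len input bytes to the start of the frame and report what changed.
   bounded != 0 models the fixed code: the copy is clamped to name[]. */
static unsigned copy_into_frame(const unsigned char *in, size_t len, int bounded)
{
    struct frame f = { "", 0, CANARY, RET };
    unsigned char mem[sizeof f];
    unsigned r = 0;

    memcpy(mem, &f, sizeof f);
    if (bounded && len > sizeof f.name) len = sizeof f.name;
    if (len > sizeof mem) len = sizeof mem;  /* keep the model in bounds */
    memcpy(mem, in, len);                    /* the unchecked copy */
    memcpy(&f, mem, sizeof f);

    if (f.canary == CANARY) r |= CANARY_OK;  /* the only thing the guard checks */
    if (f.is_admin != 0)    r |= FLAG_CHANGED;
    if (f.ret_addr != RET)  r |= RET_CHANGED;
    return r;
}

int main(void)
{
    unsigned char in[20];
    memset(in, 'A', sizeof in);
    printf("12 bytes, unchecked: %u\n", copy_into_frame(in, 12, 0));
    printf("20 bytes, unchecked: %u\n", copy_into_frame(in, 20, 0));
    printf("12 bytes, bounded:   %u\n", copy_into_frame(in, 12, 1));
    return 0;
}
```

A result with `CANARY_OK` and `FLAG_CHANGED` both set is the case the message describes: a check of the guard word at function return would pass although `is_admin` was modified, and only the bounded copy leaves the flag untouched.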