On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:
> What we're discussing here is an internal structures and data protecting.
> IMHO the ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/),
> is the best protection in this kind, even comparing to "two stack"
> approach.

ProPolice is not magical, though. There are plenty of cases where it is
totally inefficient. To illustrate a very common one :

#include <string.h>

struct Test {
char str[5];
};

int main(void)
{
struct Test x;
strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

return 0;
}

Propolice doesn't see anything wrong and eip happily goes to 0x41414141.

Propolice also doesn't give any protection against heap overflows.

So the best protection is probably Propolice + non exec stack + write xor
executable pages. Oh, surprise, this is just how OpenBSD works.

This is still not a magical protection against everything. A vulnerable
application can still behave abnormally after an overflow. But this couple
makes injection + execution of arbitrary code way more tricky.

The only way to sleep quietly is still to audit the code at the first place.

--
__ /*- Frank DENIS (Jedi/Sector One) <j (at) 42-Networks (dot) Com [email concealed]> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/

[ reply ]