Re: [ISN] Hurwitz Group names Buffer Overflow Attacks as Threat

From: mea culpa <jericho_at_dimensional.com>
Date: Thu 04 Feb 1999 - 23:13:51 CST
Reply From: Aleph One <aleph1@underground.org>

Ack. I hate it when people announce they have solved "all buffer overflows".
To those that are wondering what the product really does, it simply
randomizes the stack address. This has been discussed before in BugTraq.
Nothing new, nor does it solve all buffer overflows.

Here is a section of the BugTraq FAQ (not yet released):

  - Randomize the stack address. As part of a standard stack overflow the
    attacker must guess the address of the code to execute. The code is
    normally placed on the stack by the attacker via the same buffer
    he is overflowing to overwrite the return address. By randomizing the
    stack address during each execve the attacker no longer has a good idea
    of where his code will be placed.

    Pros: Only requires kernel support. Does not require recompiling.

    Cons: Does not address stack buffer overflow exploits that execute
    code not on the stack. Does not address data buffer overflow exploits.

    < http://www.greenend.org.uk/rjk/random-stack.text >

In other words, it only stops your garden variety buffer overflow exploit.
Any exploit that, for example, sets up a function's args on the stack and
then jumps to the existing code it wants to execute (like using the procedure
linkage tables in ELF executables) will easily get around their "solution".

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:19:08 1999
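The distinction Aleph One draws above, modelled in code. This is an added example, not code from the thread, from the BugTraq FAQ or from the product being discussed; it corrupts no real memory. It simulates a process whose text segment and libc sit at fixed addresses while the kernel shifts the stack by a random amount at every execve, then measures how often each of the two exploit styles lands: shellcode in the overflowed buffer (return address must hit the stack) versus a fake frame that returns into a PLT entry for system() with an argument pointer into libc (no stack address needed). All addresses, the 64 KB randomization range, the PLT slot name and the sled/shellcode sizes are assumptions chosen for the model, not measurements of any real system.

```c
/*
 * Simulation of stack randomization versus two overflow payloads.
 * Everything is a model: addresses, sizes and the randomization range are
 * assumed values, not those of any real product or binary.
 */
#include <stdint.h>
#include <stdio.h>

#define TEXT_BASE      0x08048000u            /* binary is not relocated */
#define PLT_SYSTEM     (TEXT_BASE + 0x02a0u)  /* assumed PLT slot for system() */
#define LIBC_BIN_SH    0x4007f000u            /* assumed "/bin/sh" inside libc's data */
#define STACK_NOMINAL  0xbffffb40u            /* buffer address with no randomization */
#define BUF_SIZE       64
#define SHELLCODE_LEN  24                     /* leaves 40 bytes of NOP sled */
#define SLED_LEN       (BUF_SIZE - SHELLCODE_LEN)

/* The two words the attacker writes past the saved frame pointer. */
typedef struct {
    uint32_t ret;   /* overwrites the saved return address */
    uint32_t arg0;  /* next word up: first argument seen by the callee */
} payload_t;

/* Deterministic xorshift32 so runs are reproducible (seed must be non-zero). */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* One execve: the kernel moves the stack down by a random amount in [0, range). */
static uint32_t execve_buffer_address(uint32_t range, uint32_t *rng) {
    uint32_t shift = range ? xorshift32(rng) % range : 0;
    return STACK_NOMINAL - shift;
}

/* Style 1: shellcode lives in the buffer; return into its NOP sled.
 * The attacker cannot observe the shift, so aims at the middle of the range. */
payload_t build_ret2stack(uint32_t range) {
    payload_t p = { STACK_NOMINAL - range / 2, 0 };
    return p;
}

/* Style 2: no code on the stack. Return into system@plt with a fake frame
 * whose argument points at a "/bin/sh" string already present in libc.
 * Neither address depends on where the stack ended up.  (If the string had
 * to be supplied in the buffer instead, arg0 would need a stack address and
 * the guess problem would return for that word.) */
payload_t build_ret2plt(uint32_t range) {
    (void)range;
    payload_t p = { PLT_SYSTEM, LIBC_BIN_SH };
    return p;
}

/* What happens when the overflowed function executes `ret`. */
int payload_works(payload_t p, uint32_t buf_addr) {
    if (p.ret >= buf_addr && p.ret < buf_addr + SLED_LEN)
        return 1;                                   /* landed in the sled: shellcode runs */
    if (p.ret == PLT_SYSTEM && p.arg0 == LIBC_BIN_SH)
        return 1;                                   /* system("/bin/sh") via existing code */
    return 0;                                       /* anything else: SIGSEGV */
}

/* Run `trials` execves against a strategy and count the successful ones. */
int count_successes(payload_t (*build)(uint32_t), int trials,
                    uint32_t range, uint32_t seed) {
    uint32_t rng = seed ? seed : 1;
    int wins = 0;
    for (int i = 0; i < trials; i++) {
        uint32_t buf = execve_buffer_address(range, &rng);
        wins += payload_works(build(range), buf);
    }
    return wins;
}

int main(void) {
    const int trials = 10000;
    const uint32_t range = 0x10000u;  /* assumed 64 KB of per-execve stack shift */
    printf("ret2stack, no randomization:   %d/%d\n",
           count_successes(build_ret2stack, trials, 0, 1), trials);
    printf("ret2stack, randomized stack:   %d/%d\n",
           count_successes(build_ret2stack, trials, range, 1), trials);
    printf("ret2plt,   randomized stack:   %d/%d\n",
           count_successes(build_ret2plt, trials, range, 1), trials);
    return 0;
}
```

With no randomization both styles land every time; once the stack shifts, the sled-based payload succeeds only when the shift happens to fall within a 40-byte window, while the return-into-PLT payload is unaffected because every address it uses is in the text segment or libc. That is exactly the "Cons" entry in the FAQ: the mitigation only moves the thing this second payload never references.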