On Thu, Aug 14, 2003 at 07:26:47PM +0200, Mariusz Woloszyn wrote:

> What we're discussing here is internal structures and data protecting.
> IMHO the ProPolice (http://www.research.ibm.com/trl/projects/security/ssp/),
> is the best protection in this kind, even comparing to "two stack"
> approach.

ProPolice is not magical, though. There are plenty of cases where it is
totally inefficient. To illustrate a very common one:

    #include <string.h>

    /* a fixed-size buffer that lives inside a struct, not directly on the stack */
    struct Test {
        char str[5];
    };

    int main(void)
    {
        struct Test x;

        /* deliberate overflow: the source is far longer than x.str */
        strcpy(x.str, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
        return 0;
    }

Propolice doesn't see anything wrong and eip happily goes to 0x41414141.

Propolice also doesn't give any protection against heap overflows.

So the best protection is probably Propolice + non-exec stack + write xor
executable pages. Oh, surprise, this is just how OpenBSD works.

This is still not a magical protection against everything. A vulnerable
application can still behave abnormally after an overflow. But this couple
makes injection + execution of arbitrary code way more tricky.

The only way to sleep quietly is still to audit the code in the first place.

-- 
 __  /*-     Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
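The audit-level fix for the struct case above, as an added example that is not part of the original message: since the stack protector cannot see an overflow of an array member, the copy itself has to be bounded. The helper names test_set_str and try_copy are assumptions chosen here.

```c
#include <stdio.h>
#include <string.h>

/* Same layout as in the post: the array sits inside a struct. */
struct Test {
    char str[5];
};

/* Hypothetical helper: copy src into t->str only if it fits, terminating
 * NUL included. Returns 0 on success, -1 if the copy would overflow; in the
 * failure case nothing is written, so t->str keeps its previous contents. */
int test_set_str(struct Test *t, const char *src)
{
    /* look for the NUL within the destination's capacity only, so a long
     * source is never scanned past sizeof t->str bytes */
    const char *nul = memchr(src, '\0', sizeof t->str);
    if (nul == NULL)
        return -1;                         /* no room for string + NUL */
    memcpy(t->str, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Convenience wrapper used by main() and by the checks below. */
int try_copy(const char *src)
{
    struct Test x;
    return test_set_str(&x, src);
}

int main(void)
{
    /* Constructed inputs: one that fits, one of the shape the post uses. */
    const char *ok  = "AAAA";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("short copy: %d\n", try_copy(ok));   /* 0  */
    printf("long copy:  %d\n", try_copy(bad));  /* -1 */
    return 0;
}
```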