Certain apps (notably java virtual machines) manipulate stack return addresses. I understood that one of the advantages of Immunix's product StackGuard was that you could still run these types of apps by statically linking them against a normal libc (and chrooting them or otherwise confining them). If the protection is mandatory, and in hardware, then surely these types of app wont work.
Cheers, Leon
Hilmi Ozdoganoglu wrote:
> SmashGuard is a hardware-based solution developed at Purdue >University to prevent Buffer-Overflow Attacks realized by overwriting the >Function Return Address (patent-pending). The design of SmashGuard is a >kernel patch that supports CPUs modified to support SmashGuard protection. > > For details please refer to the TechReports at: > > http://www.smashguard.org > > In addition to details of SmashGuard, the site serves as a comprehensive >resource for buffer overflow attacks/prevention/detection. On "the buffer >overflow page" we provide links to research papers, known exploits, safer >C languages, patents, audit tools and more. If you can think of a site or >resource that should be added please send email to our webmaster >(cyprian@purdue.edu) > >-SmashGuard Group >