From: Mariusz Woloszyn (emsi ipartners.pl)
Date: Mon Mar 04 2002 - 03:18:05 CST

On Wed, 20 Feb 2002, Crispin Cowan wrote:
> >>>There is some kind of stack protector for gcc 3.0 and 2.95.
> >>>I just found it, so no conclusion, but there is no StackGuard version of
> >>>gcc 3.0.
> >>>
> >>We (i.e. Perry) checked it out back in September 2001, and found it to
> >>be horribly broken. We were considering using it for a basis for
> >>StackGuard 3.0, but gave it up as a lost cause.
> >>
> >What exactly is broken there??? They even provide a HOWTO recompile whole
> >RedHat distro.
> >
> Perry did some testing. At least one problem found that it was trivial
> to write a test program that ProPolice *said* was protected, but the
> code generator did not actually insert the canary code. I think he
> complained about several other forms of broken code generation, but I no
> longer recall the details.
>
I was investigating that issue and found no vulnerabilities in the current
(3.0) version of this compiler. It protects a lot better than StackGuard
(reordering the variables and copying arguments), but seems to provide
more overhead.

Please let me know if there are any security problems with it I didn't
find. I have to treat it as the best buffer overflow protecting compiler (it
gives protection for all attacks I described in the Phrack article!), from
a security point of view.
--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners
_______________________________________________
Immunix-users mailing list
Immunix-users mail.wirex.com
http://mail.wirex.com/mailman/listinfo/immunix-users