|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Obtuse smtpd
Crispin Cowan (crispin
cse.ogi.edu)
Thu, 09 Jul 1998 11:53:38 -0700
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Frederick M Avolio: "Re: a long response to a Short note on new Laws"
- Previous message: Technical Incursion Countermeasures: "Re: a long response to a Short note on new Laws"
- In reply to: Eric Budke: "Re: a long response to a Short note on new Laws"
Joseph S. D. Yao wrote:
> Apparently, they only protect the return address in the most recent
> stack frame.
That was for protecting with the Pentium debug registers. We also did an
experiment where protection of the return address was done with a special
page-fault handler that we hacked into the kernel:
* make the page non-writable
* record the word you want to write
* trap writes to the return address word and stop them
* trap all other writes to the page and let them write through
In both cases (debug registers, and the page-fault handler) we found that
the overhead costs were ludicrously high, so we stopped development on
that line of work. The canary overheads are quite small, so development
continues.
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
StackGuard: protect your software against Stack Smashing Attack
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
- Next message: Frederick M Avolio: "Re: a long response to a Short note on new Laws"
- Previous message: Technical Incursion Countermeasures: "Re: a long response to a Short note on new Laws"
- In reply to: Eric Budke: "Re: a long response to a Short note on new Laws"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:32 CDT