Date: Sun, 16 Feb 1997 13:05:08 -0800
From: Cy Schubert <cy@cwsys.cwent.com>
To: Bruce Evans <bde@zeta.org.au>
Cc: dufault@hda.com, roberto@keltia.freenix.fr, freebsd-security@FreeBSD.org
Subject: Re: buffer overruns
Message-ID: <199702162105.NAA03252@cwsys.cwent.com>
In-Reply-To: Your message of "Tue, 11 Feb 1997 12:23:40 +1100." <199702110123.MAA28254@godzilla.zeta.org.au>

> >Has anyone seen modifications to gcc to generate guard bands around
> >automatics and stack check sequences? The automatics can be checked
> >when they come into / go out of existence, and stack integrity at
> >return time. It won't stop the exploits, but it will make them
> >harder, and you will get "security" dumps from setuid programs if
> >you require that setuid programs be compiled that way (and linked
> >against a separate "secure" library compiled that way also).
>
> I haven't seen anything. Perhaps something could be hacked into
> the existing profiling support. I added a -mprofiler-epilogue
> call to FreeBSD's gcc. It results in calls to a profiling function
> `mexitcount' before each normal function returns. This would be
> a good to check the return address and other stuff in the caller's
> frame.

What about the bounds-checking gcc? Would that be a place to start? You can
get it from ftp://dse.doc.ic.ac.uk/pub/misc/bcc/.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."
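The guard-band check raised in the quoted question, written out by hand as an added example (not code from this thread, from gcc, or from the bounds-checking gcc patches). The names `guard_enter`, `guard_leave` and `copy_name` and the 0xA5 fill pattern are assumptions, and the copy is clamped so the overrun stays inside one array and the program remains well-defined C.

```c
#include <stdio.h>
#include <string.h>

#define GUARD_LEN  8      /* width of each guard band (assumed) */
#define BUF_LEN    16     /* size of the protected "automatic" */
#define GUARD_BYTE 0xA5   /* fill pattern (assumed) */

/* One automatic laid out as [low band][payload][high band] in a single
 * array, so a write that runs off the payload lands in a band instead of
 * in a neighbouring object or saved frame data. */
struct guarded {
    unsigned char mem[GUARD_LEN + BUF_LEN + GUARD_LEN];
};

/* Run when the variable comes into existence: paint both bands. */
static void guard_enter(struct guarded *g)
{
    memset(g->mem, GUARD_BYTE, sizeof g->mem);
    memset(g->mem + GUARD_LEN, 0, BUF_LEN);
}

/* Run when it goes out of existence.
 * Returns 0 if intact, -1 if the low band changed, 1 if the high band did. */
static int guard_leave(const struct guarded *g)
{
    for (size_t i = 0; i < GUARD_LEN; i++) {
        if (g->mem[i] != GUARD_BYTE) return -1;
        if (g->mem[GUARD_LEN + BUF_LEN + i] != GUARD_BYTE) return 1;
    }
    return 0;
}

/* Constructed stand-in for a function whose copy ignores BUF_LEN. */
int copy_name(const char *src, size_t n)
{
    struct guarded g;
    size_t room = BUF_LEN + GUARD_LEN;   /* payload plus high band */
    guard_enter(&g);
    if (n > room) n = room;              /* keep the demo inside g.mem */
    memcpy(g.mem + GUARD_LEN, src, n);   /* the unchecked copy */
    return guard_leave(&g);              /* check at function exit */
}

int main(void)
{
    const char longname[] = "constructed-input-longer-than-16-bytes";
    printf("short input: %d\n", copy_name("cy", 3));
    printf("long input:  %d\n", copy_name(longname, sizeof longname));
    return 0;
}
```

A nonzero result is the point at which an instrumented setuid program would abort and dump rather than return through a damaged frame.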