Hosting Provided By

Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Fri May 16 2003 - 13:02:07 EDT

('binary' encoding is not supported, stored as-is)
In-Reply-To: <20030516014931.GB564@rahul.net>

Interesting. How much would you need to do to expand this to prevent hacking as opposed to just programming errors? Provided the canary was hard to guess, it would be pretty good, I think. Perhaps you could also checksum the bookeeping info and XOR it with the canary and perhaps the allocated address. These three pieces of information seem like they would be quite difficult to fake. Especially if the canary was randomly generated each time the application started, or even more frequently.

A static canary and the size alone would be easy to guess, it seems to me.

There are probably better schemes, but this has the nice property of being something you could retrofit without breaking the world. Well, at least something you could kinda retrofit if it weren't for some nasty implementation details. Are there any products like StackGuard that do something like this?

Cheers,
~x

>When I got around to wrapping malloc, I decided to get a smigeon
Received on Fri May 16 18:56:33 2003

This message: [ Message body ]
Next message: xenophi1e: "Re: MSIE integer overflows"
Previous message: xenophi1e: "Re: vulndev-1 and a suggestion about the ensuing discussion"
In reply to Bennett Todd: "safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)"
Next in thread: William Robertson: "Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)"
Reply: William Robertson: "Re: safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT