Re: A notion

From: Conan Callen <ccallen_at_windowpane.com>
Date: Mon, 1 Oct 2001 19:40:26 -0700 (PDT)


On Tue, 2 Oct 2001, Javier wrote:

I was wondering about the possibility of moving the return addresses out of the stack completely (even hashed & checksummed so that it's not a simple matter of just writing a new return address over the existing one). I'm not a compiler or assembler writer, but it seems that this should be possible. Of course, as soon as it was made public, exploits could be immediately developed.

> To exploit a buffer overflow you needn't know the distances you mention; it helps
> but it's not essential. Once you know (or suspect) the program is weak you
> can try with different sizes till you get the good one. If you want to keep
> yourself safe from this kind of exploiting, make sure that you control
> buffer sizes. It is a simple and efficient method.
>
> PD: Excuse my English but it is not my parent tongue.
>
> ----- Original Message -----
> From: "Justin R. Smith" <jsmith@mcs.drexel.edu>
> To: <selinux@tycho.nsa.gov>
> Sent: Tuesday, October 02, 2001 10:42 AM
> Subject: A notion
>
>
> > It occurred to me that custom versions of software can be more secure
> > than standard versions because various exploits (like stack smashing,
> > etc.) require precise knowledge of certain sizes and distances in RAM
> > (for instance, the distance from the end of a buffer to the return
> > point...).
> >
> > Isn't it possible to develop a "randomizing C compiler" that randomly
> > varies these distances every time it compiles a program? No two compiles
> > of the same source code would be exactly the same (but they would
> > execute the same way).
> >
> > This might involve inserting small random-sized blocks of dead code, or
> > doing returns from subroutines through a level of indirection (i.e.,
> > putting the actual return at some random location in the object code
> > with a branch to it).
> >
> > Done right, this might not degrade performance significantly.
> >
> >
> > --
> >
> >
> > --
> > You have received this message because you are subscribed to the selinux list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.

Received on Mon 1 Oct 2001 - 23:40:55 EDT
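
The idea raised in the reply above (return addresses kept off the stack and protected by a check value), as an added C simulation that is not part of the original thread. The frame layout, key, addresses and function names are constructed for illustration, and the mixing function is a stand-in, not a cryptographic MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHADOW_DEPTH 64

/* Constructed demo key; a real scheme would draw a fresh secret per process. */
static uint64_t shadow_key = 0x9E3779B97F4A7C15ULL;

struct shadow_entry { uintptr_t ret; uint64_t tag; };
static struct shadow_entry shadow[SHADOW_DEPTH]; /* kept apart from data buffers */
static size_t shadow_top;

/* Keyed mixing of address and call depth (illustrative, not a real MAC). */
static uint64_t tag_for(uintptr_t ret, size_t depth) {
    uint64_t x = (uint64_t)ret ^ shadow_key ^ ((uint64_t)depth << 48);
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL; x ^= x >> 33;
    return x;
}

/* Function entry: record the return address outside the frame. */
int shadow_push(uintptr_t ret) {
    if (shadow_top == SHADOW_DEPTH) return 0;
    shadow[shadow_top].ret = ret;
    shadow[shadow_top].tag = tag_for(ret, shadow_top);
    shadow_top++;
    return 1;
}

/* Function exit: 1 only if the shadow entry's tag verifies and the
   in-frame copy of the return address matches the shadow copy. */
int shadow_pop_check(uintptr_t ret_in_frame) {
    if (shadow_top == 0) return 0;
    shadow_top--;
    struct shadow_entry e = shadow[shadow_top];
    return e.tag == tag_for(e.ret, shadow_top) && e.ret == ret_in_frame;
}

/* Simulated frame: a 16-byte buffer directly below the saved return slot. */
struct frame { char buf[16]; uintptr_t ret; };

/* Copies len bytes into the frame the way an unchecked copy would, then runs
   the exit check. len is clamped to the frame so the demo stays well defined. */
int call_with_input(const void *input, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.ret = (uintptr_t)0x401000;      /* constructed return address */
    if (!shadow_push(f.ret)) return 0;
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, input, len);           /* may spill past buf into ret */
    return shadow_pop_check(f.ret);
}
```

An overwrite of the in-frame slot is caught by the comparison, and a change to the shadow entry itself is caught by the tag unless the key is also known, which is the dependence on secrecy the reply points out.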

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:26 EDT