On Tue, 2 Oct 2001 10:42, Justin R. Smith wrote:
> It occurred to me that custom versions of software can be more secure
> than standard versions because various exploits (like stack smashing,
> etc.) require precise knowledge of certain sizes and distances in RAM
> (for instance, the distance from the end of a buffer to the return
> point...).
>
> Isn't it possible to develop a "randomizing C compiler" that randomly
> varies these distances every time it compiles a program? No two compiles
> of the same source code would be exactly the same (but they would
> execute the same way).

I have a better idea. Use such a compiler for testing your code. If the program you are testing doesn't behave the same way in different compiles (a large proportion of programs won't because they are buggy) then you debug it!

Many times I have seen companies ship code compiled in debugging mode because optimising mode of the compiler resulting in SEGV's. Naturally they assumed it was a bug in the compiler not a bug in their code. :(

As someone else mentioned there are a number of options for trying to make it more difficult to smash stacks, including a kernel patch from Solar Designer.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.