On Tue, 2004-04-20 at 00:58, Ned Ludd wrote:
> On Tue, 2004-04-20 at 00:46, Robert Connolly wrote:
> > On April 20, 2004 12:02 am, Ned Ludd wrote:
> > > On Mon, 2004-04-19 at 22:29, Robert Connolly wrote:
> > > > On April 19, 2004 09:16 pm, Ned Ludd wrote:
> > > > > On Mon, 2004-04-19 at 17:55, Robert Connolly wrote:
> > > > >>...
> > > > >
> > > > > Could you test the following attachment (guard-test) a few times and
> > > > > post the results? Mainly I'd like to verify that your __guard is
> > > > > in fact working as expected. (It should SEGFAULT or SIGABRT)
> > > >
> > > > ./guard-test
> > > > main = 0x800009d4;
> > > > __guard = 0x4012aba0;
> > > > __stack_smash_handler = 0x4002de50;
> > > > __guard = 0x4012aba0;
> > > > __stack_smash_handler = 0x4002de50;
> > > > guard-test: stack smashing attack in function mainAborted
> > >
> > > And how about a second run... __guard is at a different location?
> >
> > No. The addresses do not change. btw, the addresses do not change using Etoh/
> > obsd's ssp either (using arandom). I don't have a system with ssp urandom to
> > compare to right now.
>
>
> If the address does not change then it does not work.

Robert,

I must apologize, the previous example code was printing the address
of __guard and not the value of __guard itself.

Can we try something like?
-------------------------
#include <stdio.h>

extern unsigned long __guard[];

int main(void) {
	/* print the guard's value, not its address as the earlier test did */
	printf("__guard\t=\t0x%08lx;\n", __guard[0]);
	return 0;
}
-----------------------

I've also been giving some more thought into using the gettimeofday() as
we had discussed one day.. It could work across the board and
no kernel patching would be required which is probably more ideal for
Gentoo users as we have a butt ton of kernels. Disadvantage of course
would be potential timing attacks by local users.

Anybody know if there is a way to get jiffies from user-land?

--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
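Added example, not code from the thread or from ProPolice: the "run it twice and see whether the guard changes" check the thread asks for, done in one process tree. It forks, lets the child derive a guard the same way the parent does, and reports whether the two values differ; a source that yields the same value in every process (a constructed stand-in for the address printed by the earlier guard-test) fails the check, while one seeded from /dev/urandom passes. All function names are hypothetical and nothing here reads the real __guard.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

typedef unsigned long (*guard_source_fn)(void);

/* Guard drawn from the kernel RNG, the way an SSP libc should seed it. */
unsigned long guard_from_urandom(void) {
    unsigned long g = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&g, sizeof g, 1, f) != 1) {
        perror("/dev/urandom");
        exit(1);
    }
    fclose(f);
    return g;
}

/* A "guard" that is identical in every process: a constructed stand-in for
 * the fixed address (0x4012aba0) the earlier guard-test printed by mistake. */
unsigned long guard_constant(void) {
    return 0x4012aba0UL;
}

/* Returns 1 if the guard obtained in a child process differs from the one
 * obtained here (a per-process guard), 0 if they are identical, -1 on failure. */
int guard_differs_across_processes(guard_source_fn src) {
    int fd[2];
    unsigned long mine, theirs;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child: derive its guard, send it up */
        unsigned long g = src();
        if (write(fd[1], &g, sizeof g) != (ssize_t)sizeof g) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &theirs, sizeof theirs);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof theirs) return -1;
    mine = src();                      /* parent: derive its own guard */
    return mine != theirs;
}
```

Call guard_differs_across_processes() with either source; only the urandom-seeded one should report a change, which is the behaviour a working guard must show between runs.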