httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject StackGuard: Automatic Protection From Stack-smashing Attacks
Date Fri, 19 Dec 1997 08:01:12 GMT
>Approved-By: aleph1@UNDERGROUND.ORG
>X-Mailer: ELM [version 2.4 PL24]
>Date: 	Thu, 18 Dec 1997 21:34:39 -0800
>Reply-To: Crispin Cowan <crispin@CSE.OGI.EDU>
>Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
>From: Crispin Cowan <crispin@CSE.OGI.EDU>
>Subject:      StackGuard: Automatic Protection From Stack-smashing Attacks
>StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks
>StackGuard provides a systematic solution to the persistent problem of
>buffer overflow attacks.  Buffer overflow attacks gained notoriety in
>1988 as  art of the Morris Worm incident on the Internet.  While it is
>fairly simple to fix individual buffer overflow vulnerabilities, buffer
>overflow attacks  continue to this day.  Hundreds of attacks have been
>discovered, and while most of the obvious vulnerabilities have now been
>patched, more sophisticated buffer overflow attacks continue to emerge.
>StackGuard is a simple compiler technique that virtually eliminates
>buffer overflow vulnerabilities with only modest performance penalties.
>Privileged programs that are recompiled with the StackGuard compiler
>extension no longer yield control to the attacker, but rather enter
>fail-safe state.  These programs require no source code changes at all,
>and are binary-compatible with existing operating systems and libraries.
>StackGuard is intended to protect buggy software against stack smashing
>attacks, even those attacks that have not yet been discovered.  For
>instance, even though StackGuard was developed prior to the public
>announcement Samba stack smashing vulnerability, the same vulnerable
>Samba code when compiled with StackGuard protection was not vulnerable
>to the attack.
>A paper describing StackGuard will appear in the 1998 USENIX Security
>Conference.  A pre-print of the paper is available (postscript and
>HTML) here:
>Source for the StackGuard-enhanced gcc is also here.  This software is
>available under the usual GPL (GNU Public License) rules.  Security people
>are invited to download and evaluate StackGuard.
>StackGuard may be of particular interest to system administrators
>seeking to protect their hosts from attack.  The compiler is very stable;
>for instance, a StackGuard-enhanced gcc can compile itself correctly.
>Programs compiled with StackGuard should both compile and link without
>complaint.  However, since this is a first release of StackGuard, I
>still recommend that privileged software be kept up to date with respect
>to security announcements.
>I am very interested in feedback on StackGuard.  Naturally, all the usual
>feedback is requested (bugs, security vulnerabilities, comments on the
>design, etc.).  Of *particular* interest is any alarms that StackGuard
>sets off:  if someone attempts to apply a stack-smashing attack to
>a StackGuard-protected program, the program will halt with an error
>message instead of yielding a root shell.  This message *may* indicate
>the discovery of a new stack-smashing vulnerability:  please report it
>both to me.  If your version of the program is current, then you may
>also wish to report the problem to the author of the program in question.
>I wish to thank the many contributors to the BUGTRAQ mailing list.  The
>background information provided by BUGTRAQ was invaluable to this
>research.  I am aware that there are other stack smashing solutions,
>and they are described and cited in the paper.
>Crispin Cowan, Research Assistant Professor of Computer Science
>Oregon Graduate Institute      | Electronically:
>Department of Computer Science | analog:  503-690-1265
>PO Box 91000                   | digital:
>Portland, OR 97291-1000        | URL:
>                Knowledge is to Wisdom as Data is to Code
specialization is for insects

View raw message