[Only on -hackers]
With care and a lot of patience, you can build Immunix StackGuard for
FreeBSD. I did this on 3.3-R. If there's interest, I can post build
instructions (I probably don't have time to put together a port).
Charles
-----Original Message-----
From: Ronald F. Guilmette [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 18, 2000 3:21 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Defending against buffer overflows.
My attention has just been called to:
http://immunix.org/StackGuard/mechanism.html
Given all of the buffer overrun vulnerabilities that have been found in
various network daemons over time, this seems like a worthwhile sort of
technique to apply when compiling, in particular, network daemons and/or
servers.
I don't entirely agree with this fellow's approach however. I think that
the ``canary'' word should be located at the bottom end of the current
stack frame, i.e. in a place where no buffer overrun could possibly clobber
it.
Seems to me that this would be a nice and useful little enhancement for gcc.
I wouldn't mind having something like a -fbuffer-overrun-checks option for
gcc, and I would definitely use it when compiling network daemons.
Anybody else got an opinion?
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
