Re: Compiler alternatives to no-exec (was Re: non exec stack...)

Richard B. Johnson (root@chaos.analogic.com)
Sat, 8 Aug 1998 09:37:46 -0400 (EDT)


On Fri, 7 Aug 1998, Aaron J. Grier wrote:

> On Fri, Aug 07, 1998 at 06:20:07AM +0000, Linus Torvalds wrote:
> > David Wragg <dpw@doc.ic.ac.uk> wrote:
> > >So here's another compiler-based solution: The function entry code
> > >saves the return address from the end of the stack frame to the start
> > >of the stack frame. The function exit code compares the saved
> > >return address with the possibly overwritten one, and aborts the
> > >program if it was changed.
> >
> > There's an even simpler fix, with the compiler just pushing 0 on entry
> > to all functions, and on exit it pops it off and aborts if it is
> > non-zero.
>
> This is one of the mechanisms that OGI's StackGuard version of GCC uses
> to prevent stack-smashing attacks.
>
[SNIPPED]
>
> StackGuard is a user-level solution to the stack-smashing buffer overflow
> problem.
>
> ----
> Aaron J. Grier | agrier@cse.ogi.edu

VAX/VMS has (had??) an entry-mask for, amongst other things, this
operation.

Cheers,
Dick Johnson
***** FILE SYSTEM WAS MODIFIED *****
Penguin : Linux version 2.1.113 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
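
Added example, not part of the original message or thread: a small C model of the two function entry/exit checks quoted above (the saved copy of the return address, and the zero word pushed on entry). The frame layout, all names, and the 0x1000 return address are constructed for illustration; a real compiler would emit these checks in the prologue and epilogue and abort instead of returning a status.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame, low address first. */
struct frame {
    uintptr_t saved_copy; /* Wragg: return address copied to frame start */
    char      buf[16];    /* local buffer the callee writes into */
    uintptr_t guard;      /* Torvalds: word pushed as 0 on entry */
    uintptr_t ret_addr;   /* return address at the end of the frame */
};
enum { FRAME_OK = 0, GUARD_NONZERO = 1, RET_CHANGED = 2 };

/* Entry code: push the zero word and save a copy of the return address. */
static void frame_enter(struct frame *f, uintptr_t ret) {
    memset(f, 0, sizeof *f);
    f->ret_addr = ret;
    f->saved_copy = ret;
}

/* Unchecked write into buf; clamped to the model so the demo stays defined. */
static void unchecked_write(struct frame *f, unsigned char fill, size_t n) {
    size_t room = sizeof *f - offsetof(struct frame, buf);
    memset((unsigned char *)f + offsetof(struct frame, buf), fill, n < room ? n : room);
}

/* Exit code: run both checks; a real epilogue would abort on non-zero. */
static int frame_exit(const struct frame *f) {
    int status = FRAME_OK;
    if (f->guard != 0) status |= GUARD_NONZERO;
    if (f->ret_addr != f->saved_copy) status |= RET_CHANGED;
    return status;
}

/* Write n bytes of `fill` into a fresh frame and report which checks fire. */
int run_case(unsigned char fill, size_t n) {
    struct frame f;
    frame_enter(&f, (uintptr_t)0x1000); /* constructed return address */
    unchecked_write(&f, fill, n);
    return frame_exit(&f);
}

int main(void) {
    printf("in bounds:         %d\n", run_case('A', 16));
    printf("'A' overrun:       %d\n", run_case('A', sizeof(struct frame)));
    printf("zero-byte overrun: %d\n", run_case(0, sizeof(struct frame)));
    return 0;
}
```

In this model the zero-word check alone does not flag an overrun made entirely of zero bytes, while the saved-copy comparison does, so the two checks cover different cases.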
