> * have libc do stack frame analysis, and then have certain
> functions (sprintf, memcpy, strcpy, etc.) not allow
> operations which overwrite stack frame boundaries.
Even better would be if the compiler could tip off libc on the size of these
target ranges, then could the libc routines follow these boundaries and an
attack would not be able to overrun them. This would add overhead (4 bytes per
string) but may be worth it. It also keeps it out of the kernel but surely in
both gcc and libc. The executional overhead of such a solution should not be
very excessive thougth (compare, local jump and a possible correction load).
There are some troubles on how to convey these parameters that has to do with
backward compability with binaries _not_ compiled to have these hint limits,
but that is another separate problem which may be solved and then possibly
outside this forum.
I'm sure many will find the diffrent flaws of this method. ;)
Cheers,
Magnus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/