
	Where results make sense

Topic: StackGuard

Related Topics

John Wagner

Sam the Snowman

	StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks - Cowan, Pu, Maier, Hinton, ...
		StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks - Cowan, Pu, Maier, Hinton, Walpole, Bakke, Beattie, Grier, Wagle, Zhang (ResearchIndex)
		StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (1998)
		Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks.
	citeseer.ist.psu.edu /cowan98stackguard.html (611 words)

	StackGuard (Source Code)
		StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks.
		Programs that have been compiled with StackGuard are largely immune to stack smashing attack.
		When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program.
	www.securityfocus.com /tools/355 (75 words)

	Microsoft Compiler Flaw Technical Note [Cigital]
		The inventors of StackGuard first proposed the idea of placing a canary before the return address on function entry so that the canary value can be used on function exit to detect whether the return address has been altered.
		StackGuard turns out to be a reasonable way of preventing some kinds of buffer overflows by detecting them at runtime.
		Here is the basic idea: if there is a variable of pointer type on the stack after a vulnerable buffer, and that variable points somewhere that will be populated with user-supplied data in the function, it is possible to overwrite the variable to carry out an attack.
	www.cigital.com /news/mscompiler-tech.html (1985 words)

	SAGE White Papers
		Proposed solutions such as StackGuard, StackShield [11], and PaX [25] are not fully able to prevent exploitation because their protection mechanisms are applied to poorly written code after its creation.
		StackGuard was patched before the publication of [11] to protect the saved address more strongly.
		StackGuard had previously used either a random canary value (assigned to each function at run time) or a null canary which contained string terminating characters such as '\0' and '\n'.
	www.sage.org /pubs/whitepapers/buffers.html (3343 words)

	Securing Memory
		StackGuard is a mechanism that can be built into the GNU C compiler for detecting corrupted control information on the stack (in procedure activation records).
		The canary is an allusion to the practice among Welsh coal miners of carrying a canary with them as they went down — the canary was more sensitive to poisonous gas than a human being.
		A recent StackGuard version has included the saved registers and saved frame pointer (in addition to the return address for a procedure) to the set of guarded entities.
	www.kernelthread.com /publications/security/smemory.html (2411 words)

	Network Security – Enterprise Computer Information Security at Datamation
		StackGuard places a "canary" word next to the return address when a function is called.
		For it to be effective, the attacker must not be able to "spoof" the canary word by embedding the value for the canary word in the attack string.
		In the StackGuard tradition, it detects attempts to race the victim suid root program in progress, and (optionally) either refuses the killer open() call, or kills the victim process.
	itmanagement.earthweb.com /secu/print.php/734111 (1101 words)

	[No title] (Site not responding. Last check: )
		The biggest strengths of StackGuard are its easy deployability and ability to instrument any C program without having to change the source code of the program.
		Applying the StackGuard patch to one's C compiler may be the fastest way to add a decent level of protection against buffer-overflow attacks (the most "bang for the buck").
		So, a user of StackGuard shouldn't simply install the patch and consider security a solved problem; there are plenty of other ways that a program can be subverted.
	www.cs.berkeley.edu /~pingster/sec/stackguard.html (152 words)

	Multiple vulnerabilities in stack smashing protection technologies - The Community's Center for Security
		StackGuard 1.2 and 2.0.1 (included in Immunix 7.0) is vulnerable to all the described methods.
		StackGuard 1.21 is not vulnerable to #2 Other StackGuard versions were not tested and are suspected to be vulnerable as well.
		This example is valid for StackGuard and StackShielded programs.If StackShield is used with the option to terminate execution when anattack is detected, we only need to set as new return address the originalreturn address, so it doesn't detect a change.
	www.linuxsecurity.com /content/view/111652/151 (1843 words)

	[No title]
		Wirex offical response is: The upcoming next release of StackGuard,version 3.0 fixes problems #2, #3 and #4 by moving the terminator canary to a position between the frame pointer and all local variables.
		Problem #1 is not part of StackGuard's threat model, that is StackGuard is not designed to protect against exploitation before the vulnerable function exits.
		StackGuard v1.21 introduced the use of a random XOR canary for protection, but this option is not present on v2.0.1 (as checked browsing source code).
	www.hackemate.com.ar /advisories/Core/CORE-20020409.txt (1384 words)

	Linux.com - Compilation Solutions in C/C++
		StackGuard works by inserting a ``guard'' value (called a ``canary'') in front of the return address; if a buffer overflow overwrites the return address, the canary's value (hopefully) changes and the system detects this before using it.
		This is quite valuable, but note that this does not protect against buffer overflows overwriting other values (which they may still be able to use to attack a system).
		If you've worked hard to eliminate buffer overflows in the code itself, then StackGuard (and tools like it) are are likely to be more effective because there will be fewer ``chinks in the armor'' that StackGuard will be called on to protect.
	www.linux.com /howtos/Secure-Programs-HOWTO/compilation-c.shtml (766 words)

	Related work (Site not responding. Last check: )
		StackGuard] detects and defeats stack smashing attacks by protecting the return address on the stack from being altered.
		StackGuard places a ``canary'' word next to the return address when a function is called.
		The major limitation of StackGuard is that it protects against buffer overflows in the stack.
	www.linuxshowcase.org /2000/2000papers/papers/bernaschi/bernaschi_html/node12.html (595 words)

	ASPnews.com -- News : Design Flaw Found in .Net Framework
		He said officials were very receptive to the phone call, made a day before Cigital released the design flaw to the world, and thinks developers are already working on a fix for future releases.
		McGraw says it was relatively easy to detect the vulnerability because Microsoft uses a security approach based on StackGuard, a piece of code that lets developers set a "security error handler" function in their program to give an alert in the event of a possible attack.
		Unfortunately, there are several workarounds to the StackGuard approach that are well known in the hacker community.
	www.aspnews.com /news/print.php/974901 (475 words)

	[No title]
		The story of a restless mind." This article is an attempt to demonstrate that it is possible to exploit stack overflow vulnerabilities on systems secured by StackGuard or StackShield even in hostile environments (such as when the stack is non-executable).
		StackGuard Overview According to its authors, StackGuard is a "simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties." [1] We assume that the reader know how buffer overflow attacks work and how to write exploit code.
		We were running Slackware Linux without StackGuard and trampolines but with non-executable user stack but StackGuarded RH Linux refused to work in such a configuration...
	julianor.tripod.com /p56-05-bypassing_stackguard.txt (2010 words)

	ImmunixOS 7 - Secure Linux
		StackGuard detects and defeats stack smashing attacks by protecting the return address on the stack from being altered.
		If it's a buffer overflow StackGuard might stop it; or the attacker will not be able to do as much damage if SubDomain is properly set up.
		I doubt large vendors will make the effort, because when it comes right down to it, the majority of computer users will complain about security but spend money on products with more features, even if they are less secure.
	itmanagement.earthweb.com /secu/article.php/734111 (1442 words)

	Buffer Overflows
		StackGuard is one such add-on that is implemented as a small patch to the gcc code generator.
		"StackGuard is implemented as a small patch to the gcc code generator, specifically the function_prolog() and function_epilog() routines.
		Recompiling your application with StackGuard is an effective means of stopping most buffer-overflow attacks, but it can still be compromised.
	www.freebsd.org /doc/en_US.ISO8859-1/books/developers-handbook/secure-bufferov.html (880 words)

	Lab 12: Hackers R Us
		Therefore, we are going to take advantage of this and modify address spaces, which normally we would not have access to.
		Stackguard presents a novel method for preventing them.
		Pay particular attention to section 2 of Stackguard as it provides a concise description of buffer overflow attacks in general.
	www.cs.berkeley.edu /~pattrsn/61CF00/labs/lab12.html (872 words)

	Linuxexpo 1999: Day 4: Protecting Systems from Stack Smashing Attacks with StackGuard (Site not responding. Last check: )
		Stackguard was developped in a university by students.
		On microbenchmarks, stackguard does add some noticeable overhead to function calls, but in real life with daemons like ssh or apache, there is no measurable slowdown.
		You can find more information by looking at his slides, which are in the middle of the picture library, or you can also download and view the PDF version that was sent to me by Crispin.
	marc.merlins.org /linux/linuxexpo99/Day4/Conferences/Stackguard.html (181 words)

	Compilation Solutions in C/C++
		StackGuard works by inserting a ``guard'' value (called a ``canary'') in front of the return address; if a buffer overflow overwrites the return address, the canary's value (hopefully) changes and the system detects this before using it.
		This is quite valuable, but note that this does not protect against buffer overflows overwriting other values (which they may still be able to use to attack a system).
		If you've worked hard to eliminate buffer overflows in the code itself, then StackGuard (and tools like it) are are likely to be more effective because there will be fewer ``chinks in the armor'' that StackGuard will be called on to protect.
	www.dwheeler.com /secure-programs/Secure-Programs-HOWTO/compilation-c.html (715 words)

	Secure programmer: Countering buffer overflows
		Stackguard modifies the C compiler (gcc) so that a "canary" value is inserted in front of return addresses.
		Stackguard (as well as other defensive measures) is used by Immunix.
		Like StackGuard, ssp uses a modified compiler (gcc) to insert a canary in function calls to detect stack overflows.
	www-106.ibm.com /developerworks/linux/library/l-sp4.html (5955 words)

	Secure programmer: Countering buffer overflows
		Stackguard modifies the C compiler (gcc) so that a "canary" value is inserted in front of return addresses.
		Stackguard (as well as other defensive measures) is used by Immunix.
		Like StackGuard, ssp uses a modified compiler (gcc) to insert a canary in function calls to detect stack overflows.
	www.ibm.com /developerworks/linux/library/l-sp4.html (5963 words)

	[No title]
		StackGuard pushes a "canary" value (a direct descendant of the Welsh miner's canary) after the return address.
		Crispan admitted that the "5400% to 8800% overhead probably is not worth it." On the other hand, StackGuard requires a simple patch to gcc, which emits a little more in the function prolog and epilog.
		StackGuard function calls are more expensive, but GCC compilation time does not appear affected by StackGuard.
	www.ieee-security.org /Cipher/ConfReports/conf-rep-USENIX98.html (6361 words)

	Compilation Solutions in C/C++
		StackGuard works by inserting a ``guard'' value (called a ``canary'') in front of the return address; if a buffer overflow overwrites the return address, the canary's value (hopefully) changes and the system detects this before using it.
		This is quite valuable, but note that this does not protect against buffer overflows overwriting other values (which they may still be able to use to attack a system).
		If you've worked hard to eliminate buffer overflows in the code itself, then StackGuard (and tools like it) are are likely to be more effective because there will be fewer ``chinks in the armor'' that StackGuard will be called on to protect.
	www.tldp.org /HOWTO/Secure-Programs-HOWTO/compilation-c.html (715 words)

	Publications
		ColorPlus - new absorption measuring instrument made by SIGRIST
		StackGuard - new standard EN 14181 for emission measurement
		BRAU 2004 - Color and Turbidity Measurement with extraordinary low maintenance requirements
	www.photometer.ch /en/services/publications.asp (101 words)

	ISS X-Force Database: immunix-stackguard-bo(3524): Immunix StackGuard buffer overflow
		Immunix StackGuard pre 1.21 versions contain a buffer overflow that could allow attackers to read and write memory addresses.
		A local attacker could overflow StackGuard changing the value of the char * p pointer to point to anywhere in memory.
		CVE-1999-1111: Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
	xforce.iss.net /xforce/xfdb/3524 (293 words)

	Immunix OS 7.0 (2CD) \| Дистрибутивы Linux \| Дистрибутивы \| Каталог товаров ...
		Compile from source with the StackGuard compiler to insure these new packages are StackGuard and FormatGuard protected.
		The SPEC files were modified to note that the package was StackGuard and FormatGuard protected and to test for a StackGuard compiler and FormatGuard glibc before building.
		The solution was to create a variant of the StackGuard just for it, called "lite", which doesn't provide a __canary_death_handler.
	www.linuxcenter.ru /shop/distros/linux-distros/immunix_os_70_2cd (1017 words)

	[No title] (Site not responding. Last check: )
		Since 1998, StackGuard patches to GCC have been used to protect entire distributions from stack smashing buffer overflows.
		In its history, the parts of GCC that StackGuard has operated in have twice changed enough to require complete overhauls of the StackGuard patch.
		Since StackGuard is a mature technology, even seeing re-implementations in other compilers, we propose that GCC adopt StackGuard as a standard feature.
	www.gccsummit.org /2003/view_abstract.php?talk=31 (112 words)

	Zhen Liu's Home Page (Site not responding. Last check: )
		StackGuard is a systematic solution to the buffer overflow problem.
		StackGuard is a simple compiler extension that limits the amount of damage that a buffer overflow attack can inflict on a program.
		Programs compiled with StackGuard are safe from buffer overflow attack, regardless of the software engineering quality of the program.
	www.cse.msstate.edu /~zliu/misc.htm (763 words)

	a/stackguard
		The StackGuard compiler itself is an enhancement to gcc 2.7.2.3, and for the most part is a drop-in replacement for gcc.
		The one major caveat is that StackGuard protection must be turned OFF to build the Linux kernel.
		The support for shared libraries and the enhanced performance are enabled by an enhancement originally proposed by der Mouse, to the effect that a null next to a value is not possible to overflow undetected, because string ops terminate on null.
	old.lwn.net /1998/0903/a/stackguard.html (559 words)

	UNIX SECURITY - A Few "Must Have" Security Tools
		StackGuard (www.immunix.org) - StackGuard is a compiler that makes programs much less vulnerable to buffer overflow attacks.
		StackGuard does integrity checks on the stack so that it cannot be corrupted by buffer overflows without being detected.
		They have even gone so far as to rebuild RedHat 6.2 using this marvel of compiling innovation and the result is the Immunix OS 6.2, which is available from the same site.
	www.itworld.com /nl/unix_sec/05172001 (541 words)

	Network Computing \| Feature \| Security \| Hardened Linux Puts Hackers EnGarde \| Page 2 \| June 10, 2002
		StackGuard is a set of patches for the standard GCC (GNU Compiler Collection) that causes the binaries produced to perform additional checks on stack operations.
		StackGuarded binaries write on the stack a small, additional "canary" value, which is checked when a function returns.
		If the canary value has changed, which happens in a typical buffer-overflow attack because the entire stack is overwritten in a brute-force manner, the program halts execution and logs an entry to syslog indicating the violation.
	www.networkcomputing.com /1312/1312f32.html (2433 words)

	Advisory: StackGuard vulnerability found & fixed
		ImmuniX OS is generally intended to aleviate the need for frequent patching; this is the first StackGuard vulnerability to be discovered since StackGuard was introduced in January 1998.
		Solution: The XOR Random Canary StackGuard 1.21 introduces a new canary defense mechanism: the XOR Random canary.
		Like the random canary mechanism, we choose a vector of 128 random canary words at exec() time, but we also XOR the canary with the return address word, so that the return address is bound to the random canary value.
	www.securityfocus.com /advisories/1845 (432 words)

Try your search on: Qwika (all wikis)