[PLUG] First JPEG virus is out there

Daggett, Steve Steve.Daggett at fiserv.com
Wed Sep 29 10:49:02 UTC 2004

Randal wrote:
> 
> >>>>> "Steve" == Daggett, Steve <Steve.Daggett at fiserv.com> writes:
>> `smash the stack` [C programming] n. On many C implementations
>> it is possible to corrupt the execution stack by writing past
>> the end of an array declared auto in a routine. Code that does
>> this is said to smash the stack, and can cause return from the
>> routine to jump to a random address.
<SNIPAGE>
> 
> And virtually impossible in OpenBSD now, thanks to W^X, 
> randomized stack pointers, sentry elements on the stack, and 
> randomized order of dynloading.
> 
> Yeay, OpenBSD.  Helping me sleep at night once again.

  There are also assorted non-executable stack patches for Linux and GCC
that do the same kind of thing, including Crispin's Immunix StackGuard.

  Newer Intel and AMD CPUs include a technology called Data Execution
Prevention (DEP).  DEP allows specific memory pages to be marked
non-executable.  There is apparently work being done in the Linux kernel to
support DEP.  M$ XP is also moving to DEP-based stack protection.

Steve D...
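The stack smash Steve quotes and the sentry element Randal credits, as an added C example that is not from this thread: a frame is simulated as a struct so the layout is deterministic, the canary and return-address values are constructed placeholders, and run_scenario() shows the unchecked copy tripping a StackGuard-style check beside a bounded copy that never reaches the sentry.

```c
#include <stdint.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY_SMASHED 1   /* result bits from run_scenario() */
#define RET_SMASHED    2
/* Constructed placeholders; real canaries are random per process. */
#define CANARY   0xDEADBEEFu
#define GOOD_RET 0x08048400u

/* Simulated frame with a fixed layout: the sentry sits between the
 * locals and the saved return address, so an overflow must cross it. */
struct frame {
    char     buf[BUF_LEN];   /* the auto array the routine writes into */
    uint32_t canary;         /* sentry element checked before return */
    uint32_t saved_ret;      /* where the routine will "return" to */
};

/* The smash-the-stack pattern: copies len bytes into buf with no regard
 * for BUF_LEN (clamped to the frame size only so the simulation stays
 * inside the object). buf is at offset 0, so the copy runs on into
 * canary and saved_ret exactly as a real overflow would. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, in, len);
}
/* The hardened form: never writes beyond the array. */
static void copy_bounded(struct frame *f, const unsigned char *in, size_t len)
{
    memcpy(f->buf, in, len > BUF_LEN ? BUF_LEN : len);
}

/* Fill a frame, copy input_len constructed 'A' bytes into it with one of
 * the two routines, then run the epilogue check. Returns 0 if the frame
 * is intact, otherwise a mask of CANARY_SMASHED | RET_SMASHED. */
int run_scenario(int bounded, size_t input_len)
{
    unsigned char input[sizeof(struct frame)];
    struct frame f = { {0}, CANARY, GOOD_RET };
    int result = 0;
    memset(input, 'A', sizeof input);
    if (bounded) copy_bounded(&f, input, input_len);
    else         copy_unchecked(&f, input, input_len);
    if (f.canary != CANARY)       /* the StackGuard-style sentry check */
        result |= CANARY_SMASHED;
    if (f.saved_ret != GOOD_RET)  /* control would have gone to 0x41414141 */
        result |= RET_SMASHED;
    return result;
}
```

A 20-byte input clobbers only the sentry, so the check fires before the (still intact) return address is used; a 24-byte input overwrites both, which is exactly the case the sentry exists to catch.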