StackShield, StackGuard, and Stack Smashing Protection (SSP)
StackShield is a replacement for the gcc compiler that catches unsafe operations at compile
time. Once installed, the user simply invokes shieldgcc instead of gcc to compile programs.
In addition, when a function is called, StackShield copies the saved return
address to a safe location and restores it upon returning from the
function.
StackGuard was developed by Crispin Cowan of Immunix.com and is based on a system
of placing "canaries" between the stack buffers and the frame state data. If a buffer
overflow attempts to overwrite saved eip, the canary will be damaged and a violation
will be detected.
Stack Smashing Protection (SSP), formerly called ProPolice, is now developed by
Hiroaki Etoh of IBM and improves on the canary-based protection of StackGuard by
rearranging the stack variables to make them more difficult to exploit. SSP has been
incorporated in gcc and may be invoked by the -fstack-protector flag for string
protection and -fstack-protector-all for protection of all types of data.
As implied by their names, none of the tools described in this section offers any protection
against heap-based attacks.
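To make the canary check concrete, here is an added example in plain C (it is not from the book and not the real StackGuard or gcc implementation) that models a protected frame: the struct layout, CANARY_VALUE, and the sample saved_ebp/saved_eip values are all constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a protected frame (not gcc's real layout): the
 * buffer sits just below the canary, which sits just below the saved
 * frame pointer and return address, so an overrun hits the canary first. */
struct frame {
    char     buf[16];
    uint32_t canary;
    uint32_t saved_ebp;
    uint32_t saved_eip;
};

/* Constructed "terminator" canary: NUL, LF, 0xFF and CR bytes stop string functions. */
#define CANARY_VALUE 0x000AFF0Du

/* Prologue: store the canary between the buffer and the saved state. */
static void frame_init(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary    = CANARY_VALUE;
    f->saved_ebp = 0xBFFFF000u;   /* sample values, constructed */
    f->saved_eip = 0x08048400u;
}

/* Unchecked copy of n bytes starting at buf. Capped at the frame size so
 * the model stays well-defined; within the frame it overruns buf exactly
 * as an unchecked strcpy would. */
static void unchecked_write(struct frame *f, const char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* Epilogue: verify the canary before trusting saved_ebp and saved_eip. */
static int canary_intact(const struct frame *f) {
    return f->canary == CANARY_VALUE;
}

/* Write n filler bytes into a fresh frame; 1 if the check flags a violation. */
int overflow_detected(size_t n) {
    struct frame f;
    char filler[sizeof f];
    memset(filler, 'A', sizeof filler);
    frame_init(&f);
    unchecked_write(&f, filler, n);
    return !canary_intact(&f);
}
```

A 16-byte write fits in buf and leaves the canary intact; a 17-byte write already damages it, before saved_ebp or saved_eip can be touched, which is exactly the ordering SSP's variable rearrangement is meant to guarantee for character arrays.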
Kernel Patches and Scripts
Many protection schemes are introduced by kernel level patches and scripts; however,
we will only mention a few of them.