Contributed by dhartmei on from the foil-stack-smashers-for-fun-and-profit dept.
StackGhost uses a unique hardware feature of the Sun sparc architecture (that being: deferred on-stack in-frame register window spill/fill) to detect modifications of return pointers (a common way for exploits to hijack execution paths) transparently, automatically protecting all applications without requiring binary or source modifications. The performance impact is negligible (less than one percent), but resulting gdb (the GNU debugger) issues were only recently resolved, allowing enabling the feature now.
The same techniques might in the future by applied to OpenBSD/sparc64.
- Theo's commit message
- StackGhost: Hardware Facilitated Stack Protection by Mike Frantzen and Mike Shuey, Proceedings Usenix Security 2001
- StackGhost homepage at CERIAS
(Comments are closed)
By Anonymous Coward (213.118.165.230) on
Or is it just that exploits uncaught by one mechanism may be caught by the other?
Comments
By djm (203.217.28.239) on
Comments
By Anonymous Coward (213.118.165.230) on
Or is gdb just a special case (I can imagine a debugger needs to do quite some funny stuff with the registers and such)?
Comments
By Anthony (68.145.111.152) on
Comments
By krh (207.75.182.30) on
That's irrelevant to the previous poster's question. (Besides which, most of that stuff does deserve to break.)
The above-linked copy of Mike Frantzen and Mike Shuey's Usenix presentation includes this comment:
"Userland debuggers are currently broken by the XOR cookies. They will not be able to backtrace since the in-core return pointers are obviously distorted. The in-kernel core dump mechanism may be able to walk the stack and cleanse each activation record in the program. Further research must be done. Threaded programs would present an additional beast for reasons outlined above by the kernel return stack.
Debugging via Ptrace() will also present problems for the parent processes since the in-core program counter will have been modified by StackGhost."
This makes it sound like most programs should be unaffected. The only exception that comes to mind is GCC's much-hated trampolines--but I don't think much real-world code actually uses nested functions, so there shouldn't be any problems. (Yes, I know we've had a discussion about whether nested functions are "real-world". Let's not start it again.)
By tedu (128.12.75.69) on
Comments
By PaX Team (81.182.76.250) on
Comments
By tedu (128.12.75.69) on
By Anonymous Coward (195.217.242.33) on