Thread: GCC Stack Protecting Patch

  1. #1

    GCC Stack Protecting Patch

    I added a PET for IBM's Stack Protection Patch. It's simple, but those who have never patched GCC before can benefit.

  2. #2

    Re:GCC Stack Protecting Patch

    Are you able to explain what this does please? I don't have the faintest clue.

  3. #3
    Guest

    Re:GCC Stack Protecting Patch

    okay here goes nothing, remember I'm not a hardcore programmer, but:

    In Asm, for example, you can get a creeping stack problem when you push variables onto the stack and forget to pop them off or otherwise adjust the stack pointer correctly.

    kinda like this.

    push two words (2 x one byte is a word) before a function call, then when you return you in your mindlessness only add 2 to the stack pointer (the stack pointer can single out one byte, but we can only push a word, thus adding 2 bytes to the stack pointer is making up for spending one word in the function - as you might have noticed the stack pointer unlike anything else (AFAIK) in memory goes top to bottom). Thus next time you call upon this function you will slowly but surely eat up all your stack space... neat right?

    Okay, that was quite simple, overflow attacks are as I understand it an attempt at finding bits of bad code that allow for a creeping stack problem.

    At least this is part of what my CPU design lectures are all about, coding good asm, to avoid these nasty stack problems.

    There's a text file that explains a bit about stack smashing...
    http://destroy.net/machines/security/P49-14-Aleph-One
    and even more info there: http://destroy.net/machines/security/
    But I've only quick read these articles for about 5 secs

    BTW, while I'm at it, OpenBSD has just made the GCC stack smashing protector patch a part of their default compiler, so it has been blessed by the security nuts, thus it must be good right?

    One more thing, at least in C/C++ on Linux writing out of bounds on an array will not crash your program as the kernel will expand your allocation, but Windows is not that fancy, it simply crashes the program with a nasty error message.... I would think the Windows way of handling this is smarter as it points out the error quite nicely, on Linux we can have the problem for ages until someone finds it and uses it for a buffer overflow attack.... So for goodness' sake be a safe programmer, there's no shame in counting on a piece of paper when working with arrays and strings, and it will save you from the common "how many poles go to make a 10 yard fence if it requires one pole per yard" errors.

  4. #4
    Guest

    Re:GCC Stack Protecting Patch

    I almost forgot, the important bit about stack smashing is of course that you can have important data in the place where you overflow, thus changing parameters for the program and hopefully (if you're a baddie) crashing something important, thus granting you access to the system.

  5. #5

    Re:GCC Stack Protecting Patch

    Bravo Lovechild!

  6. #6
    Guest

    Re:GCC Stack Protecting Patch

    [quote author=Ashcrow link=board=23;threadid=5919;start=0#56441 date=1040571811]
    Bravo Lovechild!
    [/quote]

    I was right in the first go ?? damn... that has never happened to me before when answering programming questions..

  7. #7

    Re:GCC Stack Protecting Patch

    [quote author=Lovechild link=board=23;threadid=5919;start=0#56443 date=1040572074]
    [quote author=Ashcrow link=board=23;threadid=5919;start=0#56441 date=1040571811]
    Bravo Lovechild!
    [/quote]

    I was right in the first go ?? damn... that has never happened to me before when answering programming questions..
    [/quote]

    It was a pretty good explanation!

    I'll add a simple example as well (all in pseudo-C):

    Let's say you wanted to copy a string from one char[] to another char[] ....

    Code:
    #include <string.h>

    int main(void) {
        unsigned int LENGTH = 10;
        char one[LENGTH];              // 10-byte destination
        char two[15] = "ashcrowrocks"; // 12 characters + terminating NUL = 13 bytes

        strcpy(one, two); // overwritten buffer!!!
        return 0;
    }

    The buffer has been overwritten and is interfering with another program's code. You could continue to write past the buffer using the 'NULL SLIDE' effect and drop down into an area being controlled by a super user (root/Administrator) and inject shell code OR try to access the operating system's memory section and have the OS execute the code. There is usually some trial and error to try to map some of the stack, but after you get an idea of who's using what where, you can choose your attack path.

    Two of the most helpful things for C/C++ code (IMHO) are buffer/stack protection and having a non-executable stack.
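
The check a stack protector such as the patch discussed in this thread performs, modelled as an added example (not part of any post above, and not GCC's or IBM's code). The frame layout, guard bytes and function names are constructed for illustration; the "stack frame" is an ordinary byte array, so the oversized copy never leaves memory the program owns.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN   10   /* same size as `one` in the post above */
#define GUARD_LEN 8
#define RET_LEN   8
#define FRAME_LEN (BUF_LEN + GUARD_LEN + RET_LEN)

/* Constructed guard bytes; a real protector picks an unpredictable value at start-up. */
static const unsigned char GUARD[GUARD_LEN] =
    {0x5a, 0xc3, 0x91, 0x7e, 0x2b, 0xd4, 0x68, 0x1f};

/* Prologue: the guard is placed between the local buffer and the saved return address. */
static void frame_enter(unsigned char *frame)
{
    memcpy(frame + BUF_LEN, GUARD, GUARD_LEN);
    memset(frame + BUF_LEN + GUARD_LEN, 0x11, RET_LEN);  /* stand-in return address */
}

/* Models strcpy(): no regard for BUF_LEN; clamped so the demo stays inside the model frame. */
static void unchecked_copy(unsigned char *frame, const char *src)
{
    size_t n = strlen(src) + 1;          /* characters plus terminating NUL */
    memcpy(frame, src, n < FRAME_LEN ? n : FRAME_LEN);
}

/* Epilogue: 1 if the guard is intact; 0 means a protected build would abort here. */
static int guard_intact(const unsigned char *frame)
{
    return memcmp(frame + BUF_LEN, GUARD, GUARD_LEN) == 0;
}

/* Returns 1 if the function would return normally, 0 if the overflow is caught. */
int call_with_input(const char *input)
{
    unsigned char frame[FRAME_LEN];
    frame_enter(frame);
    unchecked_copy(frame, input);
    return guard_intact(frame);
}

int main(void)
{
    const char *inputs[] = {"ashcrow", "123456789", "1234567890", "ashcrowrocks"};
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-14s -> %s\n", inputs[i],
               call_with_input(inputs[i]) ? "returns normally" : "guard changed: abort");
    return 0;
}
```

The ten-character input shows the off-by-one case: its terminating NUL alone lands on the guard. In a real build the compiler emits the equivalent prologue and epilogue itself when the code is compiled with `-fstack-protector`.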
