lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 04 Feb 2004 13:26:29 +0800
From: Leon Harris <leon@...ll.com>
To: Hilmi Ozdoganoglu <cyprian@...due.edu>
Cc: bugtraq@...urityfocus.com
Subject: Re: http://www.smashguard.org


Interesting paper.
Certain apps (notably java virtual machines) manipulate stack return 
addresses. I understood that one of the advantages of Immunix's product 
StackGuard was that you could still run these types of apps by 
statically linking them against a normal libc (and chrooting them or 
otherwise confining them). If the protection is mandatory, and in 
hardware, then surely these types of app wont work.

Cheers,
Leon

Hilmi Ozdoganoglu wrote:

 >        SmashGuard is a hardware-based solution developed at Purdue
 >University  to prevent Buffer-Overflow Attacks realized by overwriting the
 >Function  Return Address (patent-pending).  The design of SmashGuard is a
 >kernel patch that supports CPUs modified to support SmashGuard protection.
 >
 > For details please refer to the  TechReports at:
 >
 >    http://www.smashguard.org
 >
 >  In addition to details of SmashGuard, the site serves as a comprehensive
 >resource for buffer overflow attacks/prevention/detection. On "the buffer
 >overflow page" we provide links to research papers, known exploits, safer
 >C languages, patents, audit tools and more.  If you can think of a site or
 >resource that should be added please send email to our webmaster
 >(cyprian@...due.edu)
 >
 >-SmashGuard Group
 >




Powered by blists - more mailing lists