| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40208285.5040707@quoll.com> Date: Wed, 04 Feb 2004 13:26:29 +0800 From: Leon Harris <leon@...ll.com> To: Hilmi Ozdoganoglu <cyprian@...due.edu> Cc: bugtraq@...urityfocus.com Subject: Re: http://www.smashguard.org Interesting paper. Certain apps (notably java virtual machines) manipulate stack return addresses. I understood that one of the advantages of Immunix's product StackGuard was that you could still run these types of apps by statically linking them against a normal libc (and chrooting them or otherwise confining them). If the protection is mandatory, and in hardware, then surely these types of app wont work. Cheers, Leon Hilmi Ozdoganoglu wrote: > SmashGuard is a hardware-based solution developed at Purdue >University to prevent Buffer-Overflow Attacks realized by overwriting the >Function Return Address (patent-pending). The design of SmashGuard is a >kernel patch that supports CPUs modified to support SmashGuard protection. > > For details please refer to the TechReports at: > > http://www.smashguard.org > > In addition to details of SmashGuard, the site serves as a comprehensive >resource for buffer overflow attacks/prevention/detection. On "the buffer >overflow page" we provide links to research papers, known exploits, safer >C languages, patents, audit tools and more. If you can think of a site or >resource that should be added please send email to our webmaster >(cyprian@...due.edu) > >-SmashGuard Group >
Powered by blists - more mailing lists