Message-ID: <20050819064920.9ab3h27wc5s8804s@mail.doctorunix.com>
Date: Fri Aug 19 12:49:41 2005
From: trains at doctorunix.com (trains@...torunix.com)
Subject: Bypassing the new /GS protection in VC++ 7.1

Quoting Valdis.Kletnieks@...edu:
> On Fri, 19 Aug 2005 12:17:25 +0800, leaf said:
>> Hey,
>> Buffer overflows will be harder and harder. Maybe game is over.
>
> The game will never be over. The best you can hope for is to find a
> cost-effective way to raise the bar high enough to keep the likelihood
> that you'll get hacked down to an acceptable level.

There are a hundred (or more) ways to exploit a system. Even if /GS is
100% effective at preventing an executable stack segment, it simply
means that one of the hundred openings is closed.

Buffer overruns will probably exist in some other DLL on the system and
that will become the new infection vector.

I think it's a good thing, but it's a very tiny step. I have been a
systems programmer for more than 30 years, and I try to make my code as
secure as possible. The code I wrote 15 years ago is probably
completely exploitable by buffer overruns and who knows what else. The
code I wrote last month would be much more difficult.

Consider this: The program that has no buffer overrun vulnerabilities
got that way because a programmer cared enough and was skilled enough
to do it right. What the /GS suggests (I am not on V7 yet, so I don't
have first-hand experience here) is that any slacker can cobble
together a poorly conceived interface with no input checking and super
weak security-by-obscurity, bloated cookies loaded with personal info,
and still sleep nights knowing that his app is invulnerable.

Sounds good to me. By the way, if I do eventually upgrade to 7 I
intend to figure out how to exploit the /GS, just cause I think it's
cool.

tc
-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact: services@...torunix.com