Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
June 14, 2005
The injected attack code typically spawns a shell with root privileges.
StackGuard will prevent the injected attack code from executing. The next slide discusses their method.
If a program is written with a buffer overflow vulnerability, then the attacker can crash Stack Guard
StackGuard prevents change to the return address of a function on the stack by either preventing change to the address or by preventing the write to the return address.
StackGuard is more effective when the return address cannot be altered, however there is more overhead.
StackGuard can run in both modes.
1. Locate the stack frame of the buffer by chasing down the saved frame pointer.
2. Retrieve the return address of the next stack frame to find out who allocated the stack frame.
3. Locate the function who allocated the stack frame by comparing the return address with function addresses in the type table.
4. Locate the buffer of the function by comparing the buffer address with offsets in the table + frame pointer value,
5. The size of the buffer (or the size of a field if it is a struct variable) is returned