Attacks That Cannot Be Protected Against
Stack-smashing protection is unable to protect against certain forms of attack. For example, it cannot protect against buffer overflows in the heap.
StackGuard and ProPolice cannot protect against overflows in automatically allocated structures which overflow into function pointers. ProPolice at least will rearrange the allocation order to get such structures allocated before function pointers. A separate mechanism for pointer protection was proposed in PointGuard and is available on Microsoft Windows.
There is no sane way to alter the layout of data within a structure; structures are expected to be the same between modules, especially with shared libraries. Any data in a structure after a buffer is impossible to protect with canaries; thus, programmers must be very careful about how they organize their variables and use their structures. In C and C++, structures with buffers should either be malloced or obtained with new.
Read more about this topic: Buffer Overflow Protection
Famous quotes containing the words attacks and/or protected:
“There exists, at the bottom of all abasement and misfortune, a last extreme which rebels and joins battle with the forces of law and respectability in a desperate struggle, waged partly by cunning and partly by violence, at once sick and ferocious, in which it attacks the prevailing social order with the pin-pricks of vice and the hammer-blows of crime.”
—Victor Hugo (1802–1885)
“When a girl’s under 21, she’s protected by law. When she’s over 65, she’s protected by nature. Anywhere in between—she’s fair game.”
—Stanley Shapiro (1925–1990)