Attacks That Cannot Be Protected Against
Stack-smashing protection is unable to protect against certain forms of attack. For example, it cannot protect against buffer overflows in the heap.
StackGuard and ProPolice cannot protect against overflows in automatically allocated structures which overflow into function pointers. ProPolice at least will rearrange the allocation order to get such structures allocated before function pointers. A separate mechanism for pointer protection was proposed in PointGuard and is available on Microsoft Windows.
There is no sane way to alter the layout of data within a structure; structures are expected to be the same between modules, especially with shared libraries. Any data in a structure after a buffer is impossible to protect with canaries; thus, programmers must be very careful about how they organize their variables and use their structures. In C and C++, structures with buffers should either be malloced or obtained with new.
Read more about this topic: Buffer Overflow Protection
Famous quotes containing the words attacks and/or protected:
“We are supposed to be the children of Seth; but Seth is too much of an effete nonentity to deserve ancestral regard. No, we are the sons of Cain, and with violence can be associated the attacks on sound, stone, wood and metal that produced civilisation.”
—Anthony Burgess (b. 1917)
“Free competition exists inside shelters of law, custom, insurance, political approval, and carefully protected status.”
—Mason Cooley (b. 1927)