Buffer Overflow Protection - Attacks That Cannot Be Protected Against

Attacks That Cannot Be Protected Against

Stack-smashing protection is unable to protect against certain forms of attack. For example, it cannot protect against buffer overflows in the heap.

StackGuard and ProPolice cannot protect against overflows in automatically allocated structures which overflow into function pointers. ProPolice at least will rearrange the allocation order to get such structures allocated before function pointers. A separate mechanism for pointer protection was proposed in PointGuard and is available on Microsoft Windows.

There is no sane way to alter the layout of data within a structure; structures are expected to be the same between modules, especially with shared libraries. Any data in a structure after a buffer is impossible to protect with canaries; thus, programmers must be very careful about how they organize their variables and use their structures. In C and C++, structures with buffers should either be malloced or obtained with new.

Read more about this topic:  Buffer Overflow Protection

Famous quotes containing the words attacks and/or protected:

    Leadership does not always wear the harness of compromise. Once and again one of those great influences which we call a Cause arises in the midst of a nation. Men of strenuous minds and high ideals come forward.... The attacks they sustain are more cruel than the collision of arms.... Friends desert and despise them.... They stand alone and oftentimes are made bitter by their isolation.... They are doing nothing less than defy public opinion, and shall they convert it by blows. Yes.
    Woodrow Wilson (1856–1924)

    U.S. international and security policy ... has as its primary goal the preservation of what we might call “the Fifth Freedom,” understood crudely but with a fair degree of accuracy as the freedom to rob, to exploit and to dominate, to undertake any course of action to ensure that existing privilege is protected and advanced.
    Noam Chomsky (b. 1928)