Random stack

[von thorma]

> > Is this the right way to go?  We're adding more
> bloat while openbsd is 
> > cleaning itself and reworking kernal memory
> allocation to make exploits 
>                       
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > near impossible.
>    ^^^^^^^^^^^^^^^
> 
> Er, what?

They have randomized the location in memory where the
software will place the stack by adding a randomly
sized gap at the top of the stack. Next, they altered
the way addresses are stored within the stack and
added a way to detect attacks on the stack. They did
this by putting buffers closer to the return addresses
in the stack, resulting in lower flags and pointers,
making them harder for a hacker to hit. The attack
detection was accomplished by adding a “canary” that
will indicate whether any addresses have been altered.

They also broke main memory into two pieces. The first
one is devoted to executing code and the second one is
isolated as a writable section. The assignment of all
pages to one section or another means that no page
will be both writable and executable at the same time.


> 
> -- 
> Christian "naddy" Weisgerber                        
>  naddy at mips.inka.de
> 
> _______________________________________________
> freebsd-chat at freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
> To unsubscribe, send any mail to
> "freebsd-chat-unsubscribe at freebsd.org"





		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail