On Fri, 8 Jul 2005, ALeine wrote:
> [EMAIL PROTECTED] wrote:
> >
> > On Fri, 8 Jul 2005, Jeremie Le Hen wrote:
> >
> > > Hello hackers,
> > >
> > > I'm going to disturb you once again with ProPolice. The
> > > original ProPolice patch, as well as most of the FreeBSD variants
> > > and the Linux one, uses /dev/urandom to fill the "canary" with
> > > random data (the canary is what is going to be put between the
> > > buffer and the return address in the stack). OTOH, OpenBSD uses
> > > the kern.arnd sysctl to achieve this (this is a sysctl front-end
> > > to the arc4random() function).
> >
> > Just one question: why does the canary have to be filled with
> > random data? Why not just zero it? Sure, you get a single random
> > value to find out how many zeros to use, but why waste that much
> > good-quality random data (and of course if there isn't enough in
> > urandom, you would have to make it loop till there is enough unless
> > you make it just leave the rest as-is)?
> >
> > IMHO there are no advantages (well, that I can see) of having it
> > random data rather than just NULL...
> >
> > Feel free to correct me if I'm wrong...
>
> You're wrong: when the canary value is fixed and known (such as in
> terminator canaries), there are cases where an attacker could manage
> to reset the canary to the expected value and circumvent the protection
> mechanism. That chance doesn't exist with random canaries. AFAIK,
> ProPolice supports both terminator and random canaries.
>
> As for the original topic, I would prefer the sysctl front-end; IMO it's
> more consistent with other BSDs and more clean and direct, while extending
> open(2) would only appear transparent at the expense of needlessly
> increasing the complexity of open(2).

I was meaning a random-length fixed value... and unless the attacker wants
to set the return address to 0x0...
~NVX

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
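The random-versus-fixed canary point ALeine makes above, as an added example that is not code from ProPolice, FreeBSD or anyone in this thread: a C model of a ProPolice-style frame (local buffer, then canary, then saved return address) attacked through two overflow primitives, a strcpy()-like copy that stops at the first NUL byte and a read()/memcpy()-like copy of attacker-chosen length. The struct layout, the filler and target values, the terminator constant and the LEAKED_SECRET stand-in for a /dev/urandom canary are all constructed for this example; canary_from_urandom() only shows the source the thread discusses and is not needed for the attack runs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of a ProPolice-protected frame: the local buffer sits below the
 * canary, which sits below the saved return address. The struct is a
 * stand-in for the real stack so the overflow stays deterministic.
 */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

/* Fixed, public "terminator" canary (CR, 0xff, LF, NUL bytes); illustrative value. */
#define TERMINATOR_CANARY ((uintptr_t)0x000aff0du)
/* Constructed stand-in for a /dev/urandom canary the attacker has leaked;
 * chosen so that no byte of it is NUL on either 32- or 64-bit targets. */
#define LEAKED_SECRET     ((uintptr_t)0x1122334455667788ull)
#define LEGIT_RET         ((uintptr_t)0x400500u)   /* constructed return address */

enum overflow_kind { OVERFLOW_STRCPY, OVERFLOW_MEMCPY };
enum outcome { CANARY_TRIPPED, RET_INTACT, RET_HIJACKED };

static const char *const outcome_name[] = {
    "canary tripped (smash handler fires)",
    "canary passed, return address intact",
    "canary passed, return address hijacked",
};

/* ProPolice-style canary source: fill the word from /dev/urandom. Returns 1 on success. */
static int canary_from_urandom(uintptr_t *out)
{
    FILE *fp = fopen("/dev/urandom", "rb");
    if (fp == NULL)
        return 0;
    size_t n = fread(out, sizeof *out, 1, fp);
    fclose(fp);
    return n == 1;
}

/*
 * Run one overflow against a frame guarded by `canary`. The payload is:
 * 16 filler bytes, then `guess` (what the attacker believes the canary
 * is), then `target` (the return address they want). OVERFLOW_STRCPY
 * copies up to and including the first NUL byte, like strcpy();
 * OVERFLOW_MEMCPY copies the whole payload, like read() or memcpy().
 */
static enum outcome run_attack(uintptr_t canary, enum overflow_kind kind,
                               uintptr_t guess, uintptr_t target)
{
    unsigned char payload[sizeof(struct frame)];
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct frame, canary), &guess, sizeof guess);
    memcpy(payload + offsetof(struct frame, saved_ret), &target, sizeof target);

    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = canary;          /* prologue: store the canary */
    f.saved_ret = LEGIT_RET;

    unsigned char *dst = (unsigned char *)&f;   /* the overflow writes bytes */
    if (kind == OVERFLOW_STRCPY) {
        size_t i;
        for (i = 0; i < sizeof payload && payload[i] != 0; i++)
            dst[i] = payload[i];
        if (i < sizeof payload)
            dst[i] = 0;         /* strcpy writes the terminator, then stops */
    } else {
        memcpy(dst, payload, sizeof payload);
    }

    /* epilogue: this is where __stack_smash_handler would be called */
    if (f.canary != canary)
        return CANARY_TRIPPED;
    return f.saved_ret == target ? RET_HIJACKED : RET_INTACT;
}

int main(void)
{
    uintptr_t secret;
    if (!canary_from_urandom(&secret)) {
        fputs("cannot read /dev/urandom\n", stderr);
        return 1;
    }
    const uintptr_t target = 0xdeadbeefu;
    printf("terminator, strcpy,  attacker knows it: %s\n",
           outcome_name[run_attack(TERMINATOR_CANARY, OVERFLOW_STRCPY, TERMINATOR_CANARY, target)]);
    printf("terminator, memcpy,  attacker knows it: %s\n",
           outcome_name[run_attack(TERMINATOR_CANARY, OVERFLOW_MEMCPY, TERMINATOR_CANARY, target)]);
    printf("urandom,    memcpy,  attacker guesses:  %s\n",
           outcome_name[run_attack(secret, OVERFLOW_MEMCPY, TERMINATOR_CANARY, target)]);
    printf("leaked,     memcpy,  attacker knows it: %s\n",
           outcome_name[run_attack(LEAKED_SECRET, OVERFLOW_MEMCPY, LEAKED_SECRET, target)]);
    printf("leaked,     strcpy,  attacker knows it: %s\n",
           outcome_name[run_attack(LEAKED_SECRET, OVERFLOW_STRCPY, LEAKED_SECRET, target)]);
    return 0;
}
```

The runs separate the two mechanisms the thread conflates. The terminator canary holds against the strcpy()-style copy because the copy cannot get past the NUL byte to reach the return address, but a length-based copy rewrites the known constant and hijacks the return address, which is the case ALeine describes. A random canary turns that attack into a mismatch the epilogue catches. The last two runs are the caveat: the random canary is only as good as its secrecy, since a leaked value is rewritten exactly like the fixed one, and a random word with no NUL byte does not even stop the string-copy primitive.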