Stack Shield is a development tool that adds protection from "stack smashing" technique attacks to programs whithout any change in the code.
This technique consists in overflowing buffers by sending to the program an unexpected amount of input data, causing the overwrite of the function RET address that changed to anything the attacker wants (usualy to an address of a location within the buffer overflowed). When a function returns it jumps to its RET address, executing the istruction put into the buffer. So the attacker gets the program executing any istruction he wants.
The Stack Shield protection system copy the RET address in an unoverflowable location (the begining of the DATA segment) on function prologs (on function beginings) and check if the two values are different on function epilogs (before the function returns). If the two values are different the RET address has been modified so Stack Shield terminates the program or try to let the program run ignoring the attack (risking at maximum a program crash).
Stack Shield implements also range checks on the RET address and the CALLs addresses. (It is able to stop frame pointer and function pointer overwrite attacks).
Stack Shield works as a assembler file processor and is supported by GCC/G++ front ends to automatize the compilation. No code change or other special operations are required (Only makefiles need minor changes, but a front end will be added in future versions to automatize this).
For more detailed info about Stack Shield please refer to the TECNICAL file included in the downloadable archives.
|Download Stack Shield||Home page||Links to other sources||Feedback|