Article delegate-en/642 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A636@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate Security - Buffer Overflows
27 Nov 1999 15:55:40 GMT ysato@etl.go.jp (Yutaka Sato)


On 11/18/99(19:12) I wrote in <_A636@delegate-en.ML_>
 |But all of these are platform dependent thus are hard to be portable.
 |So I thought a simple and portable solution out now which may be
 |feasible for a while, that is "stack-base randomization".  I enclosed

I thought out one more device which will be effective to prevent that
kind of attack, that is "file-descriptor randomization", like enclosed.

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_

diff -cr ../delegate6.0.3/src/delegated.c ./src/delegated.c
*** ../delegate6.0.3/src/delegated.c	Thu Nov 25 11:08:25 1999
--- ./src/delegated.c	Sun Nov 28 00:00:03 1999
***************
*** 3307,3312 ****
--- 3307,3314 ----
  
  	ABMwhere = "accepting1";
  	clsock = ACCEPT1(svsock,1,exlock,1,sockname);
+ 	if( 0 <= clsock )
+ 		clsock = randfd(clsock);
  	ACCEPT_TIME = Time();
  	if( clsock < 0 )
  		sv1log("AcceptByMain[%d]: taken by a Sticky (%d)?\n",svsock,
***************
*** 3429,3434 ****
--- 3431,3438 ----
  		if( 0 <= clsock )
  			break;
  	}
+ 	if( 0 <= clsock )
+ 		clsock = randfd(clsock);
  	ACCEPT_TIME = Time();
  EXIT:
  	if( 0 <= shlock )
diff -cr ../delegate6.0.3/rary/randstack.c ./rary/randstack.c
*** ../delegate6.0.3/rary/randstack.c	Fri Nov 19 16:34:22 1999
--- ./rary/randstack.c	Sun Nov 28 00:46:16 1999
***************
*** 64,66 ****
--- 64,94 ----
  	arg.s_count = size;
  	return call1(&arg);
  }
+ 
+ /*
+  * This must be 32 or smaller because current implementation assumes
+  * the fd_mask as an integer of 32 bits. (PollIn(), etc)
+  */
+ int RANDFD_MAX = 32;
+ 
+ randfd(fd)
+ {	unsigned int sec,usec,foff;
+ 	int xfd;
+ 
+ 	if( RANDFD_MAX == 0 )
+ 		return fd;
+ 	else{
+ 		sec = Gettimeofday(&usec);
+ 		foff = getpid() + sec ^ usec/1000;
+ 		xfd = fd + foff % (RANDFD_MAX - fd - 1) + 1;
+ 		if( dup2(fd,xfd) < 0 )
+ 			xfd = dup(fd);
+ 		if( 0 <= xfd )
+ 			close(fd);
+ 		else	xfd = fd;
+ 		/*
+ 		fprintf(stderr,"##[%d]## RANDFD %d -> %d\n",getpid(),fd,xfd);
+ 		*/
+ 		return xfd;
+ 	}
+ }

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V