Stack Guard

• Most buffer overruns are the result of string copies; null or newline or eof takes care of most cases
• Canaries can be random, null, or null/cr/nl/-1
• Remember BIND reverse-lookup exploit? I like random canary.
• http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard

Previous slide

Next slide

Back to the index

View Graphic Version

No notes for slide 27