Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Compiler tools
Protect the return pointer
Examples: placing a canary on the stack to detect buffer overflows, as StackGuard does, or adding automatic bounds checking for all strings on the stack, as libsafe does
Pros:
Does not require that existing code be modified (although it sometimes must be recompiled)
Will effectively prevent stack smashing attacks
Cons:
Not all buffer overflow attacks are stack smashing attacks; program execution can be hijacked using heap-based attacks, and data can always be corrupted
Significant performance overhead
StackGuard causes the program to halt upon detection of a buffer overflow, leaving it open to denial-of-service attacks
StackGuard requires that the program to be protected be recompiled; libsafe doesn't
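
The canary check and two of the cons above, as an added example (not from the original slides and not StackGuard's own code): a simulated stack frame in C, where the frame layout, the `authorized` variable and the constant values are assumptions made for the demonstration. A short overrun corrupts the neighbouring variable without touching the canary, while a long overrun changes the canary and the call halts instead of returning.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame, lowest address first (assumed layout). */
struct frame {
    unsigned char buf[16];  /* local buffer the copy targets */
    uint64_t authorized;    /* neighbouring local, sits below the canary */
    uint64_t canary;        /* guard word written by the prologue */
    uint64_t saved_ret;     /* return pointer the canary protects */
};

enum { RET_OK = 0, RET_HALT = 1 };
#define CANARY_VALUE 0x5a17c0de9e11a2f3ULL  /* constructed demo value */
#define LEGIT_RET    0x0000000000401136ULL  /* constructed return address */

/* Simulates a call: the prologue sets the canary, an unchecked copy writes n
 * bytes starting at buf, and the epilogue compares the canary before returning.
 * The frame is copied to *out so the caller can inspect the damage. */
int call_with_canary(const unsigned char *input, size_t n, struct frame *out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.saved_ret = LEGIT_RET;

    if (n > sizeof f)
        n = sizeof f;                       /* stay inside the model */
    memcpy((unsigned char *)&f, input, n);  /* no check against sizeof f.buf */

    *out = f;
    return f.canary == CANARY_VALUE ? RET_OK : RET_HALT;
}

int main(void)
{
    unsigned char input[sizeof(struct frame)];
    size_t lengths[] = { 8, 20, sizeof input };  /* fits, small overrun, full overrun */
    struct frame f;

    memset(input, 'A', sizeof input);
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int r = call_with_canary(input, lengths[i], &f);
        printf("n=%2zu  %-6s authorized=%s ret_intact=%s\n", lengths[i],
               r == RET_HALT ? "HALT" : "return",
               f.authorized ? "corrupted" : "ok",
               f.saved_ret == LEGIT_RET ? "yes" : "no");
    }
    return 0;
}
```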