Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu.
Compiler tools
Protect the return pointer
Examples: placing a canary on the stack to detect buffer overflows, as StackGuard does, or adding automatic bounds checking for all strings on the stack, as libsafe does
Pros:
Does not require that existing code be modified (although it sometimes must be recompiled)
Will effectively prevent stack smashing attacks
Cons:
Not all buffer overflow attacks are stack smashing attacks; program execution can be hijacked using heap-based attacks, and data can always be corrupted
Significant performance overhead
StackGuard causes the program to halt upon detection of a buffer overflow, leaving it open to denial-of-service attacks
StackGuard requires that the target program to be protected be recompiled; libsafe doesn't
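
The canary check described above, modelled in C as an added example (not code from the original module or from StackGuard): the frame layout, field names and canary constant are assumptions made for the demonstration. It shows a short overflow changing adjacent data without touching the canary, and a longer one tripping the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY  0x5AFEC0DEu          /* constructed constant for the demo */

/* Simulated stack frame, lowest address first. It is one object, so the
   modelled overflow never leaves memory this program owns. */
struct frame {
    char     buf[BUF_LEN];
    uint32_t is_admin;               /* local data sitting above the buffer */
    uint32_t canary;                 /* guard word below the return pointer */
    uint64_t ret;                    /* stand-in for the saved return pointer */
};

enum outcome { OK, DATA_CORRUPTED, CANARY_TRIPPED };
/* Model an unchecked copy of len bytes into buf, then the epilogue check. */
enum outcome run_frame(const unsigned char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    if (len > sizeof f) len = sizeof f;   /* keep the simulation in bounds */
    memcpy(&f, input, len);          /* ignores BUF_LEN, like strcpy would */
    if (f.canary != CANARY)
        return CANARY_TRIPPED;       /* a protected program halts here */
    if (f.is_admin != 0)
        return DATA_CORRUPTED;       /* canary intact, data still changed */
    return OK;
}

/* Feed len bytes of constructed filler ('A') through the frame. */
enum outcome demo(size_t len)
{
    unsigned char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);
    return run_frame(input, len);
}

int main(void)
{
    static const char *name[] = { "ok", "data corrupted", "canary tripped" };
    size_t lens[] = { 10, 18, 24, 32 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%2zu bytes: %s\n", lens[i], name[demo(lens[i])]);
    return 0;
}
```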