Subject: Re: Stackghost in OpenBSD: buffer overflow protection
To: Darren Reed <avalon@cairo.anu.edu.au>
From: Clay McClure <clay@daemons.net>
List: port-sparc
Date: 09/22/2001 13:34:55
Hi Darren,

I must say I was rather eager to hear that particular presentation, but
when I showed up to the conference and picked up a copy of the
proceedings, I noticed their technique wasn't anything revolutionary.
Anyway, I still think it's a good idea, and there may be a few other
tweaks which can be done to improve performance.

I am still unsure of how expensive the register window
overflow/underflow processing is.  The paper implies that each process
gets its own clean set of register windows when started, so only
programs which have function nesting deeper than X functions need to be
examined by the kernel (where X is the number of register windows on the
CPU, typically 8 or 16).  I was under the impression that the kernel and
C run-time startup code would use most of the clean register windows,
meaning that almost all function calls would cause register window
overflows which would need to be examined by the kernel.  That is the
question I was asking at the conference, which Casper was nice enough to
answer for me.

There may be some more efficient ways to prevent stack buffer overflows
on the SPARC, playing with the MMU, but I don't have any details ironed
out yet.  SPARCv9 has some neat features, address space identifiers,
etc, but I'm not sure how to use those yet.

Anyway, I would be interested in helping implement this for NetBSD.  I
don't have much BSD coding experience, but I'm pretty familiar with
SPARC assembly (v8 and v9).

 ~ Clay


Darren Reed wrote:
> 
> At Usenix security symposium, one of the OpenBSD hacks (without a sense of
> humour, I might add) presented a paper on buffer overflow protection by
> hijacking register window changes.  The home page for the work done on this
> can be found at:
> 
> http://stackghost.cerias.purdue.edu
> 
> Aside from Casper Dik telling the guy how register windows worked during
> question time, it seems like a generally good idea.  Does one of the sparc
> gurus here want to review for adoption in NetBSD ?  I'd have a go at it
> but it is messing with stuff that I know others are better prepared to
> deal with.
> 
> Darren
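The two points in the thread above, how often the kernel's window overflow/underflow handler actually runs for a given call depth, and what that handler can do to a saved return address while it has the frame in hand, can be made concrete with a small model. The following C program is an added example and not code from the thread, from StackGhost or from NetBSD. It models only the return address (%i7) of each register window, uses a constructed window count and cookie, and assumes the XOR-cookie form of the technique: on spill the kernel XORs the saved return address with a per-process secret, on fill it undoes the XOR and rejects a result that is not a 4-byte-aligned instruction address. The alignment check relies on the cookie having its low bits set, which is an assumption of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NWINDOWS 8      /* constructed: real v8/v9 parts typically have 8 or 16 */
#define MAX_FRAMES 128  /* constructed bound on spilled frames kept in memory */

/* Constructed machine model: only %i7 of each window is tracked, because
 * that is the value the spill/fill handler protects. */
typedef struct {
    uint64_t cookie;          /* per-process secret, chosen when the process starts */
    uint64_t win[NWINDOWS];   /* return addresses held in the register file */
    int head, live;           /* ring buffer of live windows */
    uint64_t mem[MAX_FRAMES]; /* the process stack: spilled %i7 slots */
    int depth;                /* number of spilled frames in memory */
    int spills, fills;        /* how often the kernel trap handler ran */
} machine_t;

void mach_init(machine_t *m, uint64_t cookie) {
    memset(m, 0, sizeof *m);
    /* Assumption of this model: force the low bit of the cookie on. A real
     * SPARC return address is 4-byte aligned, so the XORed copy in memory is
     * unaligned, and an aligned value written over the slot decodes to an
     * unaligned address that the fill handler refuses. */
    m->cookie = cookie | 0x1;
}

/* Window-overflow trap: the oldest window goes to memory with its return
 * address XORed against the cookie. */
static void spill(machine_t *m) {
    m->mem[m->depth++] = m->win[m->head] ^ m->cookie;
    m->head = (m->head + 1) % NWINDOWS;
    m->live--;
    m->spills++;
}

/* A call allocates a fresh window holding the return address. */
void mach_call(machine_t *m, uint64_t ra) {
    if (m->live == NWINDOWS)
        spill(m);
    m->win[(m->head + m->live) % NWINDOWS] = ra;
    m->live++;
}

/* A return pops a window; when the register file is empty the underflow
 * trap fills it from memory and checks the decoded address.
 * Returns 0 on success, -1 when the saved return address is not valid. */
int mach_ret(machine_t *m, uint64_t *ra) {
    if (m->live > 0) {
        m->live--;
        *ra = m->win[(m->head + m->live) % NWINDOWS];
        return 0;
    }
    if (m->depth == 0)
        return -1;                 /* underflow with nothing saved */
    m->fills++;
    uint64_t decoded = m->mem[--m->depth] ^ m->cookie;
    if (decoded & 0x3)             /* not an instruction address: tampered */
        return -1;
    *ra = decoded;
    return 0;
}

/* Nest `depth` calls, return from all of them, and report how many spills
 * the kernel handled. Returns -1 on a rejected fill, -2 on a wrong return
 * address (which would mean the XOR was not undone correctly). */
int count_spills(int depth) {
    machine_t m;
    mach_init(&m, 0x5a5a5a5a5a5a5a5aULL);   /* constructed cookie */
    for (int i = 0; i < depth; i++)
        mach_call(&m, 0x10000ULL + 4 * i);   /* constructed aligned addresses */
    uint64_t ra;
    for (int i = 0; i < depth; i++) {
        if (mach_ret(&m, &ra) != 0)
            return -1;
        if (ra != 0x10000ULL + 4 * (depth - 1 - i))
            return -2;
    }
    return m.spills;
}

/* Overwrite the one spilled slot with an aligned address, as a smash of the
 * oldest frame's saved %i7 would, and see whether the fill handler notices. */
int tamper_detected(void) {
    machine_t m;
    mach_init(&m, 0x5a5a5a5a5a5a5a5aULL);
    for (int i = 0; i < NWINDOWS + 1; i++)
        mach_call(&m, 0x10000ULL + 4 * i);
    m.mem[0] = 0x40000ULL;          /* constructed: overwritten saved %i7 */
    uint64_t ra;
    for (int i = 0; i < NWINDOWS; i++)
        mach_ret(&m, &ra);          /* served from the register file */
    return mach_ret(&m, &ra) == -1; /* this one must be filled from memory */
}

int main(void) {
    printf("depth %d: %d spills\n", NWINDOWS, count_spills(NWINDOWS));
    printf("depth %d: %d spills\n", NWINDOWS + 5, count_spills(NWINDOWS + 5));
    printf("tampered frame detected on fill: %d\n", tamper_detected());
    return 0;
}
```

With 8 windows a call chain 8 deep never traps, and each extra level of nesting costs exactly one spill and one fill, which is the cost Clay is asking about; how many of those windows are already consumed by the kernel and C start-up code at the point a program begins is something this model does not try to answer.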