OpenBSD: StackGhost On OpenBSD/sparc

May 23, 2004 - 9:12am
Submitted by Jeremy on May 23, 2004 - 9:12am.
OpenBSD news

Theo de Raadt [interview] announced that StackGhost has been enabled on the OpenBSD/sparc architecture. Theo explains:

"The above paper by Mike Frantzen describes a ProPolice-like security technology for protecting the stack on sparc (v6 v7 v8) machines. While ProPolice is a compiler modification (ie. the compiler produces "stack checking" code) -- StackGhost is a very small modification to the register window spill/fill handlers.. used to gain a similar security benefit, this is all possible because of the particular (curious, strange, weird) method of same-stack register window saving used by the sparc calling convention."

Essentially, StackGhost protects against modification of return addresses (a technique frequently used in buffer overflow attacks) at basically no cost. The original code was written several years ago for OpenBSD 2.8 by Mike Frantzen, but has only been enabled now thanks to the merging of gdb 6.1 and some code written by Mark Kettenis. The paper linked above describes some performance costs associated with this protection, but these costs have been almost entirely optimized away by Mike and Theo since the paper was written.
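To make the spill/fill idea concrete, here is an added user-space model of the XOR-cookie scheme described in the StackGhost paper; it is not code from OpenBSD or from the paper. The struct, function names, addresses and cookie value are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: one spilled register window's return-address slot. */
struct window_save {
    uint32_t saved_i7;   /* %i7 (return address) as stored on the user stack */
};

/* Spill handler model: store the return address XORed with the cookie. */
static void spill(struct window_save *w, uint32_t i7, uint32_t cookie)
{
    w->saved_i7 = i7 ^ cookie;
}

/* Fill handler model: undo the XOR when the window is reloaded. */
static uint32_t fill(const struct window_save *w, uint32_t cookie)
{
    return w->saved_i7 ^ cookie;
}

/* SPARC instructions are 4-byte aligned; jumping to a misaligned address traps. */
int is_aligned(uint32_t pc) { return (pc & 3u) == 0; }

/* Untampered spill/fill round trip: the caller gets its real return address back. */
uint32_t roundtrip(uint32_t ret, uint32_t cookie)
{
    struct window_save w;
    spill(&w, ret, cookie);
    return fill(&w, cookie);
}

/* The slot is overwritten with `planted` while spilled (stands in for an overflow). */
uint32_t after_overwrite(uint32_t ret, uint32_t planted, uint32_t cookie)
{
    struct window_save w;
    spill(&w, ret, cookie);
    w.saved_i7 = planted;
    return fill(&w, cookie);
}

int main(void)
{
    const uint32_t ret = 0x00012340u, planted = 0x00400100u; /* constructed */
    const uint32_t cookie = 0x5a5a5a5bu;  /* constructed; low two bits set */
    uint32_t got = after_overwrite(ret, planted, cookie);
    printf("clean fill:    0x%08x\n", (unsigned)roundtrip(ret, cookie));
    printf("tampered fill: 0x%08x aligned=%d\n", (unsigned)got, is_aligned(got));
    return 0;
}
```

In this model a value written over the saved slot comes back as that value XORed with the cookie, and because the cookie's low two bits are set, an aligned planted address decodes to a misaligned one.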


From: Theo de Raadt [email blocked]
To:  tech
Subject: StackGhost enabled (sparc)
Date: Sat, 22 May 2004 21:15:14 -0600

http://stackghost.cerias.purdue.edu/stackghost.pdf

The above paper by Mike Frantzen describes a ProPolice-like security
technology for protecting the stack on sparc (v6 v7 v8) machines.
While ProPolice is a compiler modification (ie. the compiler produces
"stack checking" code) -- StackGhost is a very small modification to
the register window spill/fill handlers.. used to gain a similar
security benefit, this is all possible because of the particular
(curious, strange, weird) method of same-stack register window saving
used by the sparc calling convention.

As some of you have noted, gdb was just upgraded to 6.1, which allows
me to ... do the following commit:


CVSROOT:        /cvs
Module name:    src
Changes by: [email blocked] 2004/05/22 20:59:06

Modified files:
        sys/arch/sparc/sparc: machdep.c 

Log message:
Three years ago, Mike Frantzen invented StackGhost -- a simple tweak
to the register window spill/fill routines which made buffer overflows
much more difficult to exploit.  This code was integrated (and optimized)
into OpenBSD/sparc, but could not be enabled because the interface changes
affected gdb deeply.  Mike and I (independently) failed to write gdb
support, so StackGhost was left disabled. Until today, two years later..
because Mark Kettenis has written the necessary code!  Here comes the 1
line diff that enables StackGhost!  Thanks Mark!


This means that lx/ss4/ss5/ss10/ss20 machines now have three
technologies together:

	W^X
	ProPolice
	StackGhost





Cool!!

May 24, 2004 - 12:17pm
Anonymous

Very cool. Nice to know my SparcStation 20 is still on the cutting edge of technology. :)
