Contributed by dhartmei on from the foil-stack-smashers-for-fun-and-profit dept.
StackGhost uses a unique hardware feature of the Sun sparc architecture (that being: deferred on-stack in-frame register window spill/fill) to detect modifications of return pointers (a common way for exploits to hijack execution paths) transparently, automatically protecting all applications without requiring binary or source modifications. The performance impact is negligible (less than one percent), but resulting gdb (the GNU debugger) issues were only recently resolved, allowing enabling the feature now.
The same techniques might in the future by applied to OpenBSD/sparc64.
- Theo's commit message
- StackGhost: Hardware Facilitated Stack Protection by Mike Frantzen and Mike Shuey, Proceedings Usenix Security 2001
- StackGhost homepage at CERIAS
(Comments are closed)