OpenBSD 3.3 immune to buffer overflow

CIOL Bureau

BANGALORE: At the fourth annual CanSecWest/core03 conference, held April 9-11, 2003, Theo de Raadt outlined the major advances made by OpenBSD, especially on the security front.

OpenBSD has always been a strong believer in security and is considered to be the industry benchmark for security. OpenBSD is exported with cryptography, and it often takes cryptographic approaches towards fixing security problems.

"A buffer overflow attack works when a hacker sends a program requesting enough data that causes a memory overflow and enables him to write onto the otherwise forbidden memory locations. Buffer overflows can never be completely eliminated," says Vaidhy G Mayilrangam, Senior Technical Leader, Aztec Software And Technology Services Limited.

But OpenBSD has made it very difficult for a hacker to attack by randomizing the location of the system stack. The team has integrated the ProPolice stack protection technology into the system compiler. This protection is enabled by default. With this change, function prologues are modified to rearrange the stack: a random canary is placed before the return address, and buffer variables are moved closer to the canary so that regular variables are below, and harder to smash. The function epilogue then checks whether the canary is still intact. If it is not, the process is terminated. This change makes it very hard for an attacker to modify the return address used when returning from a function.
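The canary check and variable placement described above can be simulated in portable C. This is an added example, not code from OpenBSD or ProPolice: the frame layout, the constants and `run_frame` are constructed for illustration, and a fixed value stands in for the random canary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define PTR_VAL 0x1111111111111111ULL   /* constructed sample values */
#define RET_VAL 0x2222222222222222ULL
#define GUARD   0x5be7c3d19a2f0e6dULL   /* stands in for the random canary */

/* Simulated frame in the reordered layout, lowest address first. A copy
 * that overruns buf moves upward: it never touches ptr, and it has to
 * cross canary before it can reach ret. */
struct frame {
    uint64_t ptr;           /* pointer local, placed below the buffer */
    char     buf[BUF_LEN];  /* the buffer being written */
    uint64_t canary;        /* written by the "prologue" */
    uint64_t ret;           /* stand-in for the saved return address */
};

/* Copy len bytes into buf with no bounds check on buf itself, then run the
 * "epilogue" check. Returns 0 if the canary is intact, -1 if it changed
 * (the point where the real epilogue terminates the process). */
int run_frame(const void *input, size_t len, uint64_t guard, struct frame *out)
{
    struct frame f = { .ptr = PTR_VAL, .canary = guard, .ret = RET_VAL };
    unsigned char *raw = (unsigned char *)&f;
    size_t room = sizeof f - offsetof(struct frame, buf);

    if (len > room)
        len = room;             /* keep the simulation inside the struct */
    memcpy(raw + offsetof(struct frame, buf), input, len);
    *out = f;
    return f.canary == guard ? 0 : -1;
}

int main(void)
{
    char data[sizeof(struct frame)];
    size_t lens[] = { 8, BUF_LEN + 1, sizeof data };
    struct frame after;

    memset(data, 'A', sizeof data);
    for (size_t i = 0; i < 3; i++) {
        int rc = run_frame(data, lens[i], GUARD, &after);
        printf("len=%2zu canary=%s ptr_intact=%d ret_intact=%d\n", lens[i],
               rc ? "SMASHED" : "ok", after.ptr == PTR_VAL, after.ret == RET_VAL);
    }
    return 0;
}
```

A one-byte overrun already changes the canary while the return slot is still intact, so the check fires before a corrupted return value would be used.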

The other features introduced to counter buffer overflows are:


  1. The reordering of local variables to place buffers after pointers to avoid the corruption of pointers that could be used to further corrupt arbitrary memory locations,

  2. The copying of pointers in function arguments to an area preceding local variable buffers to prevent the corruption of pointers that could be used to further corrupt arbitrary memory locations, and

  3. Omission of instrumentation code from some functions to decrease the performance overhead.
  4. W^X (pronounced: "W xor X") on architectures capable of pure execute-bit support in the MMU (sparc, sparc64, alpha, hppa). This is a fine-grained memory permissions layout, ensuring that memory which can be written to by application programs cannot be executable at the same time and vice versa. This raises the bar on potential buffer overflows and other attacks: as a result, an attacker is unable to write code anywhere in memory where it can be executed.

    The hurdle that the OpenBSD group needs to overcome is that while 64-bit processors have such memory protections available, the most-popular 32-bit processors don't.
