Canary value: Difference between revisions
imported>Eric M Gearhart (Direct link to relevant section) |
Pat Palmer (talk | contribs) (removing PropDel) |
||
(4 intermediate revisions by 4 users not shown) | |||
Line 7: | Line 7: | ||
{{cite web| url=http://citeseer.ist.psu.edu/cowan98stackguard.html| | {{cite web| url=http://citeseer.ist.psu.edu/cowan98stackguard.html| | ||
title="StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"| | title="StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"| | ||
date= | date=Retrieved 12-April-2007}} | ||
</ref> | </ref> | ||
Line 14: | Line 14: | ||
{{cite web| url=http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1146| | {{cite web| url=http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1146| | ||
title="Four different tricks to bypass StackShield and StackGuard protection"| | title="Four different tricks to bypass StackShield and StackGuard protection"| | ||
date= | date=Retrieved 12-April-2007}} | ||
</ref> | </ref> | ||
The name "Canary value" is taken from a common practice during the history of mining operations. A | The name "Canary value" is taken from a common practice during the history of mining operations. A canary was brought into the mine by miners while work is being done, and if the canary stops singing or dies (presumably because of something dangerous in the air such as a poisonous gas) the miners know to get out of the mine before they breathe too much of whatever happened to kill the canary.<ref> | ||
{{cite web| url=http://www.tccweb.org/penncoal.htm#Mine%20Canaries| | {{cite web| url=http://www.tccweb.org/penncoal.htm#Mine%20Canaries| | ||
title="Pennsylvania Coal Mine History"| | title="Pennsylvania Coal Mine History"| | ||
date= | date=Retrieved 2009-07-01}} | ||
</ref> | </ref> | ||
Line 33: | Line 33: | ||
==References== | ==References== | ||
<references/> | <references/>[[Category:Suggestion Bot Tag]] |
Latest revision as of 23:46, 7 November 2024
In computer science, and in particular computer security and code generation, the use of canary values is a strategy to detect buffer overflow attacks at run time, without requiring the programmer to modify any source code. Implemented within a compiler, canary values modify a program's stack frame to detect---but not prevent---buffer overflow attacks, imposing a worst case behavior for the system under attack. Notable examples of canary value systems are StackGuard and ProPolice.
The method is simple. The compiler generates additional instructions, so that the function prologue will add a so-called canary value to the stack frame between the return address and the local variables. This canary value is a random number chosen when the program begins. Then, additional instructions are inserted into the function epilogue which check the canary value, as it appears in the stack frame. If incorrect, the new instructions cause the program to go into a fail-safe mode (usually immediate termination), as to control the program's worst-case behavior while under attack. Canary values can work, because most stack smashing attacks which successfully overwrites the return address will also overwrite the canary value, and it is unlikely that the attacker will be able to guess the canary value. [1]
At least four attacks have been developed against this sort of protection. [2]
The name "Canary value" is taken from a common practice during the history of mining operations. A canary was brought into the mine by miners while work is being done, and if the canary stops singing or dies (presumably because of something dangerous in the air such as a poisonous gas) the miners know to get out of the mine before they breathe too much of whatever happened to kill the canary.[3]
See Also
References
- ↑ "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks" (Retrieved 12-April-2007).
- ↑ "Four different tricks to bypass StackShield and StackGuard protection" (Retrieved 12-April-2007).
- ↑ "Pennsylvania Coal Mine History" (Retrieved 2009-07-01).