siti wrote:I was wondering if there is any point in having IBMs Propolice stack protector enabled as well as having ETDYN and Pax enabled?
there is of course a point in having multiple layers of defense (which is what this case is about), the more important question to answer is what combination you need/can afford.
Propolice protects against linear stack overflow exploit methods that want to change data (typically pointers) beyond the random canary on the stack. PaX protects against a (much) more generic category of exploit methods but it does so at a later phase in the attack (PaX allows the use of attacker modified pointers while Propolice does not, also Propolice prevents the modification of certain local variables/function arguments that would otherwise be exposed) therefore in the particular case where Propolice prevents the exploit PaX alone may be defeated. so if you're concerned about this exploit method (as in you want more guarantees than what PaX gives you for this case) then you're better off by using Propolice as well.
personally my preferred compiler based approach will be the stack frame reorganization of Propolice coupled with my planned return-to-libc prevention technique (return location checking as described in
http://pageexec.virtualave.net/docs/pax-future.txt).
Because I would rather turn off Propolice because it does give another preformance problem.
what kind of performance problems do you see? maybe you should also talk to the propolice author.
Posted: Sat Sep 13, 2003 1:44 am