[nycbug-talk] MS moves on. . .

Dan Langille dan
Thu May 20 10:31:04 EDT 2004


On Thu, 20 May 2004, Pete Wright wrote:

> G.Rosamond wrote:
>
> >
> > However, one thing Theo mentioned in his Exploit Mitigation
> > Techniques  talk was about OBSD's use of canaries to avoid buffer
> > overflows.   Apparently, MS is doing the same, although their
> > placement of canaries  does nothing.  It would be good if someone
> > could elaborate on the role  of canaries. . .
> >
> from what i understood was that MS inserts the canaries at compile time,
> not run time.  so the canarie is in the same location on each build of
> windows.  still confused as to what a canarie is tho...

It's not that it's in the same location, it's always the same value.  A
canary refers to the practice of carrying them into mines.  If the canary
dies, the air is bad, get out.

This canary is a random value.  If it changes, something has gone wrong.
Get out.  In this case, the value is created at compile time.  So it'll be
the same value every time it runs.  Which means it isn't random.

> > Interestingly enough, it was the only anti-MS comment I heard the
> > entire weekend at BSDCan. . .
> >
> yea, i actually heard alot of people comparing features agains windows,
> not linux/solaris as i expected.  actaully the FUD/flamming was quite
> low which was really nice!

FUD/flaming is not part of productive activity.  So it really shouldn't be
there.  :)

-- 
Dan Langille - BSDCan: http://www.bsdcan.org/




More information about the talk mailing list