8209211 2002-03-27 00:32 +0100  /32 lines/ Vincent <glaume@enseirb.fr>
Sent by: joel@lysator.liu.se
Imported: 2002-03-28  00:19  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: vuln-dev@securityfocus.com
External recipient: focus-linux@securityfocus.com
External recipient: debian-security@lists.debian.org
External replies to: glaume@enseirb.fr
Recipient: Bugtraq (import) <21611>
Subject: A buffer overflow study - generic protections
------------------------------------------------------------
From: Vincent <glaume@enseirb.fr>
To: bugtraq@securityfocus.com, vuln-dev@securityfocus.com,
 focus-linux@securityfocus.com, debian-security@lists.debian.org
Message-ID: <20020326233202.GA24305@sothis.glaume.mds>

Hi all!

As computer science students, a friend and I have just ended a study
on buffer overflows and the existing protections a Linux system may
use against them.

This study deals with the various kinds of overflows (heap, stack) to
understand how they work and how they may be used to execute
malicious code; then it focuses on a few Linux solutions (Grsecurity
features, Libsafe...), and explains how they behave, which kinds of
exploits they prevent respectively...

It aims at presenting an overview of generic solutions which may be
applied to a whole system, although it is a non-exhaustive one.

People interested in the document may have a look there: 
http://www.enseirb.fr/~glaume/indexen.html

The report is available online in html format, or you may pick up the
pdf version... Every comment is more than welcome!

Cheers,
VG

PS: I've decided to post this to the selected lists as I think
readers may feel interested in our study, sorry if this is not the
case...
(8209211) /Vincent <glaume@enseirb.fr>/---(Rewrapped)