I'd love to see this as easily enabled in mainstream distros like Debian. Perhaps by being incorporated into the major libraries? Memory safety problems are a huge problem and this looks like it would counter many of the heap related ones. Thoughts?
The GitHub mentions 8B canaries after allocated blocks, how realistic is it that canaries can be overwritten as they were allocated in an overflow attack to continue writing the payload?
The point of canaries is not that you can't overwrite then, it's that you won't know what to overwrite them with (and are forced to overwrite them, thus detecting the overflow).
However, as someone who does this type of exploitation for fun and has a little bit of experience with heap attacks, I doubt the canaries are particularly effective at stopping exploits, and the README basically admits this as well.
dwheeler|3 years ago
Seirdy|3 years ago
Until then, LD_PRELOAD is your friend (assuming you build with semantic interposition).
jamboca|3 years ago
cmeacham98|3 years ago
However, as someone who does this type of exploitation for fun and has a little bit of experience with heap attacks, I doubt the canaries are particularly effective at stopping exploits, and the README basically admits this as well.
moonchild|3 years ago