On 11/18/99(19:12) I wrote in <_A636@delegate-en.ML_>
 |But all of these are platform dependent thus are hard to be portable.
 |So I thought a simple and portable solution out now which may be
 |feasible for a while, that is "stack-base randomization". I enclosed

I thought out one more device which will be effective in preventing that kind
of attack, that is "file-descriptor randomization", as enclosed.

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _< >_

diff -cr ../delegate6.0.3/src/delegated.c ./src/delegated.c *** ../delegate6.0.3/src/delegated.c Thu Nov 25 11:08:25 1999 --- ./src/delegated.c Sun Nov 28 00:00:03 1999 *************** *** 3307,3312 **** --- 3307,3314 ---- ABMwhere = "accepting1"; clsock = ACCEPT1(svsock,1,exlock,1,sockname); + if( 0 <= clsock ) + clsock = randfd(clsock); ACCEPT_TIME = Time(); if( clsock < 0 ) sv1log("AcceptByMain[%d]: taken by a Sticky (%d)?\n",svsock, *************** *** 3429,3434 **** --- 3431,3438 ---- if( 0 <= clsock ) break; } + if( 0 <= clsock ) + clsock = randfd(clsock); ACCEPT_TIME = Time(); EXIT: if( 0 <= shlock ) diff -cr ../delegate6.0.3/rary/randstack.c ./rary/randstack.c *** ../delegate6.0.3/rary/randstack.c Fri Nov 19 16:34:22 1999 --- ./rary/randstack.c Sun Nov 28 00:46:16 1999 *************** *** 64,66 **** --- 64,94 ---- arg.s_count = size; return call1(&arg); } + + /* + * This must be 32 or smaller because current implementation assumes + * the fd_mask as an integer of 32 bits. 
(PollIn(), etc) + */ + int RANDFD_MAX = 32; + + randfd(fd) + { unsigned int sec,usec,foff; + int xfd; + + if( RANDFD_MAX == 0 ) + return fd; + else{ + sec = Gettimeofday(&usec); + foff = getpid() + sec ^ usec/1000; + xfd = fd + foff % (RANDFD_MAX - fd - 1) + 1; + if( dup2(fd,xfd) < 0 ) + xfd = dup(fd); + if( 0 <= xfd ) + close(fd); + else xfd = fd; + /* + fprintf(stderr,"##[%d]## RANDFD %d -> %d\n",getpid(),fd,xfd); + */ + return xfd; + } + }
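
Review bot: The first delegated.c hunk (after `clsock = ACCEPT1(...)`) calls randfd() without the patch adding any declaration for it: the function is defined K&R-style with an implicit int return in rary/randstack.c and no header is touched. Add a prototype such as `int randfd(int fd);` to the header delegated.c already includes for the rary functions, so the compiler can check the call. The new `if( 0 <= clsock )` also sits two lines above the existing `if( clsock < 0 )`; folding the remap into an else branch of that test would keep the success and failure handling in one place.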
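
Review bot: In the second delegated.c hunk the remap is placed immediately before the `EXIT:` label, so any path that jumps to EXIT with a valid clsock skips randfd() and keeps its original low-numbered descriptor. Confirm that every jump to EXIT carries clsock < 0, or state that assumption in a comment next to the added lines. The same two lines are now repeated at both accept sites; a small wrapper around the accept call would keep the two paths from drifting apart.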
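
Review bot: In randfd(), `dup2(fd,xfd)` closes whatever is already open at xfd, so when the chosen slot happens to hold another descriptor of the process (the listening socket, a lock, a log file) that descriptor is silently replaced by the client socket. Test that the slot is free before duplicating, for example `fcntl(xfd,F_GETFD)` returning -1 with EBADF, and try another slot otherwise. In the `xfd = fd + foff % (RANDFD_MAX - fd - 1) + 1` line the divisor is zero when fd is 31, which is a division by zero, and negative when fd is 32 or more, where it is converted to a large unsigned value and the result is only rescued by dup2() failing; return fd unchanged when `fd + 1 >= RANDFD_MAX`. `getpid() + sec ^ usec/1000` parses as `(getpid() + sec) ^ (usec/1000)`, so add parentheses to show which grouping is meant. The offset depends only on the pid and the clock and spans at most RANDFD_MAX - 2 slots, and the `dup(fd)` fallback returns the lowest free descriptor, so the comment above RANDFD_MAX should say how little unpredictability this provides.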