Canary value
This article may be deleted soon. | ||
---|---|---|
In computer science, and in particular computer security and code generation, the use of canary values is a strategy to detect buffer overflow attacks at run time, without requiring the programmer to modify any source code. Implemented within a compiler, canary values modify a program's stack frame to detect---but not prevent---buffer overflow attacks, imposing a worst case behavior for the system under attack. Notable examples of canary value systems are StackGuard and ProPolice. The method is simple. The compiler generates additional instructions, so that the function prologue will add a so-called canary value to the stack frame between the return address and the local variables. This canary value is a random number chosen when the program begins. Then, additional instructions are inserted into the function epilogue which check the canary value, as it appears in the stack frame. If incorrect, the new instructions cause the program to go into a fail-safe mode (usually immediate termination), as to control the program's worst-case behavior while under attack. Canary values can work, because most stack smashing attacks which successfully overwrites the return address will also overwrite the canary value, and it is unlikely that the attacker will be able to guess the canary value. [1] At least four attacks have been developed against this sort of protection. [2] The name "Canary value" is taken from a common practice during the history of mining operations. A canary was brought into the mine by miners while work is being done, and if the canary stops singing or dies (presumably because of something dangerous in the air such as a poisonous gas) the miners know to get out of the mine before they breathe too much of whatever happened to kill the canary.[3] See Also
References
|