I was surfing Ms Visual Studio .Net website and came across a link to
this response to Cigital.
To: BugTraq
Subject: In response to alleged vulnerabilities in Microsoft Visual C++
security checks feature
Date: Feb 14 2002 3:50PM
Author: Brandon Bray
To be clear, the security check feature introduced in the Microsoft Visual C++ .NET compiler is NOT vulnerable. The allegation that applications compiled with Visual C++'s /GS switch somehow expose themselves to more attacks is unfounded and patently false.
The Cigital press release itself says it, "This security feature is meant to protect potentially vulnerable source code automatically from _some_ forms of buffer overflow attacks." The expectation is right there, some forms of buffer overflow attacks can evade the compiler-injected security checks. This understanding makes the following statement in the Cigital press release questionable:
"The protection afforded by the new feature allows developers to continue to use vulnerable string functions such as strcpy() as usual and still be 'protected' against some forms of stack smashing."
What is quite distressing though is that the Cigital press release strays from a solid understanding of /GS and changes its position, later saying "Note that the new feature is meant to protect any program compiled with the 'protected' compiler feature." Unfortunately, this is far from the truth and never the intention of the /GS feature.
Regards,
Brandon Bray
Visual C++ Compiler Team
News source: Security Focus
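The point Bray makes, that the check catches some stack overruns but is not a blanket protection, is easy to see with a small constructed model of a /GS-style stack cookie. This is an added example, not code from the post or from Microsoft; the frame layout, the cookie value and the return-address value are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of a stack frame guarded by a /GS-style cookie. The layout
 * and constants are assumptions for illustration; real /GS uses a per-process
 * random cookie and checks it in the function epilogue. */
#define BUF_LEN 8
struct frame {
    char     buf[BUF_LEN];  /* local buffer filled from untrusted input */
    uint32_t cookie;        /* guard between locals and control data */
    uint32_t ret_addr;      /* saved return address (control data) */
};
static const uint32_t COOKIE   = 0xA5C3E1F9u;  /* constructed value */
static const uint32_t RET_ORIG = 0x00401000u;  /* constructed value */

void frame_init(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->cookie   = COOKIE;
    f->ret_addr = RET_ORIG;
}
/* Epilogue check: 1 if the cookie is intact, 0 if an overrun reached it. */
int cookie_ok(const struct frame *f) { return f->cookie == COOKIE; }

/* Case A: strcpy-like contiguous copy of len bytes starting at buf. Writing
 * through a byte pointer to the whole struct keeps the C well-defined. */
int contiguous_copy(struct frame *f, const unsigned char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
    return cookie_ok(f);
}
/* Case B: one out-of-bounds store at an unchecked index (buf[idx] = v). It can
 * skip the cookie and land on ret_addr, so the check still passes: the cookie
 * only detects contiguous overruns that cross the guard. */
int indexed_write(struct frame *f, size_t idx, unsigned char v) {
    if (idx < sizeof *f) ((unsigned char *)f)[idx] = v;
    return cookie_ok(f);
}
/* Bitmask: 1 = in-bounds copy passes, 2 = 16-byte overrun is detected,
 * 4 = indexed write passes the check although ret_addr was corrupted. */
int run_cases(void) {
    struct frame f; unsigned char in[16]; int r = 0;
    memset(in, 'A', sizeof in);
    frame_init(&f); if (contiguous_copy(&f, in, 8) && f.ret_addr == RET_ORIG) r |= 1;
    frame_init(&f); if (!contiguous_copy(&f, in, 16)) r |= 2;
    frame_init(&f); if (indexed_write(&f, 12, 0x42) && f.ret_addr != RET_ORIG) r |= 4;
    return r;
}
int main(void) { printf("cases=%d (7 = all three behave as described)\n", run_cases()); return 0; }
```

The model shows why the cookie is a detection layer for one class of bug, a contiguous overrun past the end of a buffer, and not a licence to keep unbounded copies in the code.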