Robert Dinse <nanook@eskimo.com> writes:
> On 3 Jul 2000, Vandoorselaere Yoann wrote:
[...]
> > yes, and non executable stack is really *not* a part of theses layer.
>
> Well, yes, it is. People trying to exploit things and causing core dumps
> have clued me to buffer overflow exploits that I've missed and that would have
> otherwise resulted in successful root exploits.
Non exec stack will not protect from that if it is designed to work on it
( and majority of exploits today are designed for that. )
[...]
> > Now you're suggesting that people involving in some threads on lkml
> > are saying bullshit and do not know what they are talking about;
> > i've not seen any piece of code from you nor kernel nor user space...
> > i don't care, but if you think that what was said in such thread
> > is bullshit :
>
> > Or you didn't read the good thread
> > or you're simply an idiot.
>
> Now you've added "idiot" to "stupid" and "asshole". How mature and
> sophisticated you are. A real kernel hacker no doubt. I guess if I'm ever
> going to become a real kernel hacker I'll need to learn to start calling people
> names too.
No, I'm not a kernel hacker, and far away of thinking i'm one...
Maybe i will be when i will get some free time to involve myself more
in kernel development ( ie: when i'll be ending all my user space
projects, and maybe when you'll stop wasting my time sending
your 'getting nowhere' mail with me answering instead of coding
( note that i'm also too dumb to stop answering) ).
but, in contrast to you, i'm listening to what other people say and trust
them... at least, if i do not understand, i ask.
But i do not start a thread getting nowhere basically saying:
"no, you're all wrong, you *must* include this patch,
and ne stack are usefull".
In the technical discution i was pointing to you,
there was ton of argument against using non executable stack...
>
> > That's not the problem,
> > non exec stack wasn't accepted because it give a false sence of security.
>
> Not one person that argued for it seemed to get any false sense of
> security, nor do I.
you're really playing with people and trying maintain a flamebait,
as a proof, i just found this lkml archive :
http://x71.deja.com/getdoc.xp?AN=566786875&CONTEXT=962629206.727122024&hitnum=0
dating of 31 Dec 1999 where someone is explaining you things about ne stack,
and *also* explaining you that Linus *said* it was giving a False sense of
security... ( and yes, he said it, but i can't find the involved thread ).
Now, please stop getting nowhere and take too people there time...
> If an application core dumps instead of gives root, that
> isn't a clue to me that it's OK not to fix it because the non-executable stack
> will handle it;
huh ? so you prefer buggy code instead of clean & bugfree one ?
> it's a clue that something needs fixing before the system was
> root compromised. An alarm that I wouldn't have otherwise gotten. And it's
> not a large patch as you seem to imply.
There is userspace & almost clean way to protect yourself
from stack overflow attack. Theses was mentioned sooner in this thread.
--
-- Yoann, http://www.mandrakesoft.com/~yoann/
It is well known that M$ products don't call free() after a malloc().
The Unix community wish them good luck for their future developments.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jul 07 2000 - 21:00:12 EST