> > True. But stack smashing is only widely deployed against x86.
> Just since x86 is so popular.
True. In theory this makes this point moot. But in real-life I want to
reduce the number of attacks that succede. That means x86.
[I say rudely, that it doesn't break tramps]
> It does. It DOES. IT DOES.
I was previously unaware of the cases where it does. These can be added to
the support. How often do you add new tramp codes?
> Yes. And then you should change kernel to accomodate changes in GCC, GNAT,
> GPC, FPK and so on. No, thanks.
How often do these change?
> > Trampolines work fine!
>
> As far as kernel part is aware about them. Not about existance of trampolines
> but about particular version of trampolines used in this and that compiler.
Well, there is a price to improved security.
> > This is the same garbage arguments that occured two or so years ago when
> > Solar's patch first came out. It wasn't true then, it isn't true now.
>
> It was true then and it's true now. Yes, some trampolines works fine. Some
> does not. Last thing needed in kernel is AI :-(
You don't need AI. There are lots of things OSes do that will break if you
try something weird. I don't believe that new tramp codes are added often
to egcs.
> It does it only when not widely deployed :-)
Not true. The patch actually makes this kind of attack tougher.
> > This doesn't just protect daemons. Look at MSwindows, they are getting
> > applications stack smashed (like IE and Outlook) to put malicious code on
> > the systems. Linux isn't far off. Sure it's not root access, but as more
> > 'users' use Linux root becomes less important. And obtaining root isn't
> > hard if you get access as a user who SUes to root.
>
> If user is dumb he deserve to lose.
I agree with that. But I dont agree that the user is dumb here.
Do you use netscape on a computer of yours? Do you SU to root?
Does this mean that you are dumb? I dont think so..
Does this mean that you are at risk? Probably.
> > Now.. The only question left in my mind: Which is better, stackguard
> > compiling all apps by default, or this patch?
>
> Both stackguard and subj is "security via obscurity". It works. Until it's
> widely deployed and all cracks are accomodated. So it works now EXACTLY since
> it's not default option in kernel.
I dont agree with that. Long ago, I offered a small reward on this list
(I think $50 us) to anyone that provided me with:
A) an app that breaks (not that hard)
B) An exploit for an app ever shipped with a distribution (I.e. mountd in
slackware 1.2.x) which will work with the patch.
I never got an example.
This patch actually makes this kind of attack more difficult.
> But you should patch and recompile kernel while trying to use new version
> of GNAT or FPK or ... You got the idea. To me such things do not belong to
> standard kernel.
This, I agree might be a valid point. But is there a legitmite need to
change the tramp code in GNAT/FPK that often?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/