Re: Unexecutable stack

Anton Ivanov (aivanov@eu.level3.net)
Tue, 28 Dec 1999 19:02:36 -0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Manfred Spraul: "Re: wait_on_irq, CPU1"
Previous message: Tigran Aivazian: "[patch] updated latest kdb for 2.2.35-pre6"
In reply to: Andi Kleen: "Re: [PATCH] Documentation/oops-tracking update"

-----BEGIN PGP SIGNED MESSAGE-----

On 28-Dec-1999 Adam J. Richter wrote:
> If the problem with making the stack unexecutable is a few
> pieces of trampoline code, then how about just modifying the few
> programs that use this code to mprotect the stack when they actually
> need it to be executable? Even if these programs simply made their
> entire stack area executable at initialization time, at least the
> other programs would be considerably more secure.
>
> I believe this change would eliminate about half of the root
> exploits that I see reports of, or, to put it more dramatically, it
> would eliminate more exploits than all other improvements combined.

1. It is a stick with two ends. You become slow lame and lazy and forget to
update (under the idea: whatever, nobody can exploit it anyway).
Have a look at DGUX. It used to have a non-exec stack in the 3.x days. As a
result most of the exploits (even elementary ones like lpd were not fixed). Then
in 4.x the stack had to go executable again. And then it became fun (actually I
am slightly incorrect here because the fun officially began after some kid
posted general purpose shellcode for alpha).

2. Trampolines:
A: the few programs are f.e. glibc itself or docs on solar
designer patches are wrong.
B: solar designer patches have been doing this for quite a while.

3. If at least solar designer's and andrew tridgel's patches (pipes in
proc, etc) will finally make it into the mainstream kernel it will be very very
nice.

My 0.02$

- ----------------------------------
Anton R. Ivanov
IP Enginteer Level3 Communications
RIPE: ARI2-RIPE E-Mail: Anton Ivanov <aivanov@eu.level3.net>
@*** Gerrold's Laws of Infernal Dynamics (No 2 of 3)
An object at rest will always be in the wrong place.

- ----------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBOGkJSylWAw/bM84zAQG2BAf/a9JlP03zQ9ajlkRYR0v2wwoBa3rKFDPg
zsDBLTMV/GgKxqOTguVESjQOJ+Qpe7DDsLPqKVHamrSWz3wu77+BdzhO+qXZJl4R
ADNnrqbgdFTUulE93lcXaiqGPVbrFVlACUtmYXyRvImiFIGq7y4OrtSCkxVsYfo4
syfsil4cK+n9ce/3vNbdgUKaJKLn7asDpkC6C2yqf51Z298yhgA5oIFcGejyY70y
6HLZ+npNIGLW+lZvfPnaM7imXbOovXjMdVKJwlyMR3o5E/ELIGF4JcV9ijn6fF7A
Jvp16Z2Wi9fWoHyTTezGdd/Iy/j9IabJfCPQsXi9MmUb8UXk9dNsbA==
=4z6i
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Manfred Spraul: "Re: wait_on_irq, CPU1"
Previous message: Tigran Aivazian: "[patch] updated latest kdb for 2.2.35-pre6"
In reply to: Andi Kleen: "Re: [PATCH] Documentation/oops-tracking update"