"Eric W. Biederman" wrote:
> Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
> (about non-executable stack)
>
> There is another much more effective solution in the works. The C
> standard allows bounds checking of arrays. So it is quite possible
> for the compiler itself to check this in a combination of run-time and
> compile-time checks. I haven't followed up but not too long ago
> there was an effort to add this as an option to gcc. If you really
> want this fixed that is the direction to go. Then buffer overflow
> exploits become virtually impossible.
>
I've thought some more, and yes someone else has already done this. Problems
are with compilers that
put code on stack (g++ trampolines for local functions i think). There is
the gcc-mod (Stack-guard?) that checks for
corrupt stack frame using magic number containing zeros before returning...
this will take away some
performance though...
I wonder if the root of the issue is the underlying security architechure ...
anything that needs ANY privilege
gets ALL privileges (ie root). chown named and such fixes this, but can't
rebind to privileged port, must be restarted
by root to do so. VMS / NT have more fine grained privileges.
Is there any documentation of the kernel's 'capabilities' functions? It
would be exceedingly cool if services (named, nfs, etc)
could be updated to use this; I think crackers would loose some motivation
if instead of "hey I can totally rule this box!"
they have to settle for "hey I can make the ident service report user 'CrAp'
for every port!".
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 21:00:25 EST