Re: OS stopping stack buffer overflow exploits

From: Gabor Lenart (lgb@veszprog.hu)
Date: Mon Jun 05 2000 - 05:15:12 EST


On Sat, Jun 03, 2000 at 09:06:46PM -0500, Robert Redelmeier wrote:
> While thinking about stack buffer overflow exploits (like `bind`),
> it occurred to me that our beloved OS [Linux] might be able to
> provide some security for the many poorly-written suid-root apps.
>
> The key to these exploits is the ability to hijack the thread
> of execution by overwriting the return address on the stack.
> There are a couple of x86 mechanisms that could be used to
> stop the hijack:
>
> 1) The limit portion of the processes' CS segment descriptor
> could be adjusted downwards, so the stack addresses would not
> be executable and attempting would trigger a #GP exception.

This would cause some already-used techniques, like trampolines, to fail.
There's such a patch, it's named "Secure Linux" patch from Solar Designer
(I think the URL is http://www.false.com/). It can also autodetect trampoline
usage and enable them. Of course the security is not maximum in this
case, but most of the cook-book exploits should be stopped by this patch.
I've been using it for ages, and it's a great piece of patch.
It also contains some other security fixes. All of them can be tuned
by Linux kernel config mechanisms before compiling after you applied the
patch.

- Gabor
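An added illustration, not code from either poster or from the Secure Linux patch: the unbounded stack copy the thread is about next to a bounded form that rejects oversized input, plus a small Linux-only check that reads /proc/self/maps to report whether the current process's [stack] mapping is executable (the property the non-executable-stack patch takes away, and the property GCC trampolines depend on). The function names, BUF_SIZE and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 64

/* The pattern under discussion: an unbounded copy into a fixed-size
   stack buffer. Input of BUF_SIZE bytes or more runs past the buffer into
   the saved frame pointer and return address above it. Kept only as the
   "before" for comparison; never call it on untrusted input. */
int copy_unbounded(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);
    return (int)strlen(buf);
}

/* Hardened form: the length is checked before any byte is written, and
   oversized input is rejected with an explicit error instead of being
   silently truncated or written past the buffer. */
int copy_bounded(const char *input)
{
    char buf[BUF_SIZE];
    size_t n = strlen(input);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(buf, input, n + 1);  /* n + 1 <= BUF_SIZE, includes the NUL */
    return (int)n;
}

/* Linux-specific check of the mitigation the reply recommends: parse
   /proc/self/maps and report whether the [stack] mapping has the 'x' bit.
   Returns 1 (executable), 0 (not executable) or -1 (could not determine).
   Hypothetical helper written for this example, not part of any patch. */
int stack_is_executable(void)
{
    FILE *fp = fopen("/proc/self/maps", "r");
    char line[512];
    int result = -1;

    if (fp == NULL)
        return -1;
    while (fgets(line, sizeof line, fp) != NULL) {
        char perms[5] = {0};
        if (strstr(line, "[stack]") == NULL)
            continue;
        /* line format: start-end perms offset dev inode path */
        if (sscanf(line, "%*s %4s", perms) == 1)
            result = (perms[2] == 'x') ? 1 : 0;
        break;
    }
    fclose(fp);
    return result;
}

int main(void)
{
    /* Constructed sample inputs: one that fits and one that does not. */
    char too_long[BUF_SIZE + 32];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("copy_bounded(\"hello\")   = %d\n", copy_bounded("hello"));
    printf("copy_bounded(95 x 'A')  = %d\n", copy_bounded(too_long));

    switch (stack_is_executable()) {
    case 1:  puts("[stack] is executable: trampolines work, but so does stack shellcode"); break;
    case 0:  puts("[stack] is not executable"); break;
    default: puts("could not read /proc/self/maps"); break;
    }
    return 0;
}
```

On a current Linux kernel the [stack] line normally reads `rw-p`, unless the binary was linked with an executable-stack request (GCC emits one when nested-function trampolines are used), which is exactly the case the reply says the patch tries to autodetect.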

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:20 EST