Re: Low Latency Patch

From: Gregory Maxwell (greg@linuxpower.cx)
Date: Mon Jul 03 2000 - 08:25:29 EST

Next message: Vandoorselaere Yoann: "Re: Low Latency Patch"
Previous message: Ralph Metzler: "Different modules with same names??? (bttv and dvb)"
In reply to: Robert Dinse: "Re: Low Latency Patch"
Next in thread: Robert Dinse: "Re: Low Latency Patch"
Reply: Robert Dinse: "Re: Low Latency Patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 3 Jul 2000, Robert Dinse wrote:

> On 3 Jul 2000, Vandoorselaere Yoann wrote:
> >
> > Ever heard about bound checking ?
>
> Yes, I have, but unfortunately it seems like Vixie and others haven't,
> and while I do look at the code, I do not catch everything.
>
> > yes, and non executable stack is really *not* a part of theses layer.
>
> Well, yes, it is. People trying to exploit things and causing core dumps
> have clued me to buffer overflow exploits that I've missed and that would have
> otherwise resulted in successful root exploits.

If they were widely used, people would use non-exec immue attacks. If you
did get a coredump, they would clean it up before you noticed.

> Damn I wish I'd never miss one, but big applications like sendmail and
> bind are just too many bytes to look at and not occasionally miss something.
> Bind at least can run as non-root, sendmail is still a real problem.

search freshmeat for postfix.

> Not one person that argued for it seemed to get any false sense of
> security, nor do I. If an application core dumps instead of gives root, that
> isn't a clue to me that it's OK not to fix it because the non-executable stack
> will handle it; it's a clue that something needs fixing before the system was
> root compromised. An alarm that I wouldn't have otherwise gotten. And it's
> not a large patch as you seem to imply.

Generally, people on this list tend to be a bit more enlightened then most
sysadmins.

If you check the archives, I was one of the cheif participants arguing for
the Solar Designer patch when it first came out (three years ago?). Since
then it's been clearly demonstrated that the patch does little good
against an attacker thats prepaired for it (stackguard and libsafe do much
better though).

Go get libsafe, it's got example 'sploits that work against the Solar
patch and it's alot cleaner...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vandoorselaere Yoann: "Re: Low Latency Patch"
Previous message: Ralph Metzler: "Different modules with same names??? (bttv and dvb)"
In reply to: Robert Dinse: "Re: Low Latency Patch"
Next in thread: Robert Dinse: "Re: Low Latency Patch"
Reply: Robert Dinse: "Re: Low Latency Patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Jul 07 2000 - 21:00:12 EST