Re: [PATCH] this patch add a possibility to add a random offset to the stack on exec.

From: David Weinehall (tao@acc.umu.se)
Date: Thu Aug 23 2001 - 03:48:28 EST

Next message: Jens Hoffrichter: "Re: Allocation of sk_buffs in the kernel"
Previous message: Gabriel Paubert: "Re: adding accuracy to random timers on PPC - new config option or runtime overhead?"
In reply to: Evgeny Polyakov: "[PATCH] this patch add a possibility to add a random offset to the stack on exec."
Next in thread: Alan Cox: "Re: [PATCH] this patch add a possibility to add a random offset to the stack on exec."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 23, 2001 at 05:32:10AM +0400, Evgeny Polyakov wrote:
> Hello, linux-guru.
>
> A couple of days ago Artur Grabovsky add this thing into the OpenBSD(
> someone guess, this is the most secure OS) kernel.
> This, as he suppose, not improve security of the system, but do OS more
> strong to the script-kiddies attack.
> Althought all admins and security analysist are loudly speaking, that
> Linux is the greatest hole in security aspect, i think, that with straight
> /dev/hands and not stupid /dav/brain the system can be unbreakable.
> But there are situations, when even the best administrator cann't fight
> against script-kiddies becouse of vendors, that cann't patch it's soft in
> time.
> And many systems lost it's defense.
> In this cases many things can help, for example nonexecutable stack.
> This patch also helps in manner of this kind.
> If machine has random stack base in any exec, script kiddies will not
> write _simple_ exploits, becouse of allmost such programs beleive, that
> stack base remains the same.
> And script kiddies should learn much more complex methods, like rewriting
> dtors section and other.
> In this case this patch cann't help, but i however belive, that this is
> not bad.

Oh my $DEITY, not this discussion again.

Look, this kind of patches (non-executable stacks, etc.) surfaces
at least twice a year, causes a two-three weeks long discussion
(flame-war), then dies. Linus hasn't taken such a patch into the
kernel so far. Neither has Alan.

Let it rest, or contact Linus directly in about a week or two (when
he has returned from his vacation) and as him if he a.) has changed
his mind, and if so, b.) thinks your patch looks good.

/David Weinehall

PS: If I remember correctly, Theodore T'so is the person who was most
capable to shoot down this idea. Sorry if I'm wrong on that account.
_ _
// David Weinehall <tao@acc.umu.se> /> Northern lights wander \\
// Project MCA Linux hacker // Dance across the winter sky //
\> http://www.acc.umu.se/~tao/ </ Full colour fire </
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jens Hoffrichter: "Re: Allocation of sk_buffs in the kernel"
Previous message: Gabriel Paubert: "Re: adding accuracy to random timers on PPC - new config option or runtime overhead?"
In reply to: Evgeny Polyakov: "[PATCH] this patch add a possibility to add a random offset to the stack on exec."
Next in thread: Alan Cox: "Re: [PATCH] this patch add a possibility to add a random offset to the stack on exec."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:54 EST