Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

MOLNAR Ingo (mingo@chiara.csoma.elte.hu)
Wed, 5 Aug 1998 12:52:40 +0200 (CEST)


On Tue, 4 Aug 1998, Linus Torvalds wrote:

> In short, my argument is not that the kernel should not try to make things
> secure for you. My argument is that no-stack-exec adds nada, zero, zilch,
> nothing in the form or real security. With one simple change to some
> exploit, you're suddenly wide open.

I think in the latest version of the nostackexec patch libc is mapped to
addresses that contain the byte \0 somewhere. This kills a very
significant overflow category; an attacker is _unable_ to overflow the
stack with, say, address 0x00A01234 if the exploit is string-parsing
related.

Another version of the patch uses /dev/random to add a random 'jitter' to
mmap addresses. You'd have to overflow many thousands of times before you
are lucky enough to catch the right address. (And all those failed
overflows are logged and alert the sysadmin or clobberd.) You can even add
a policy to disable a given setuid root binary for a given user once a
suspicious segmentation fault was detected. (Thus the attacker has only
one try.)

Yes, we are playing with probabilities here, but that's the nature of
software bugs and risks after all ...

-- mingo
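Two of the premises in the message above, as an added C example that is not part of this thread or of the nostackexec patch: a check that every address in a candidate libc mapping region really carries a 0x00 byte, and a demonstration of why that matters only for string-parsing bugs, since a NUL-terminated copy stops at that byte and whatever follows such an address in the source never arrives (a length-based copy such as memcpy or read() delivers everything, which is the limit the quoted reply points at). The region 0x00A00000 and the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* True if at least one of the four bytes of a 32-bit address is 0x00. */
int addr_has_nul_byte(uint32_t addr)
{
    for (int shift = 0; shift < 32; shift += 8)
        if (((addr >> shift) & 0xffu) == 0)
            return 1;
    return 0;
}

/* True if every address in [base, base + len) carries a NUL byte. */
int region_all_nul_addrs(uint32_t base, uint32_t len)
{
    for (uint64_t a = base; a < (uint64_t)base + len; a++)
        if (!addr_has_nul_byte((uint32_t)a))
            return 0;
    return 1;
}

/* Bytes a NUL-terminated copy (strcpy/strcat/sprintf %s) transfers. */
size_t bytes_copied_by_strcpy(const unsigned char *src, size_t len)
{
    size_t n = 0;
    while (n < len && src[n] != 0)
        n++;
    return n;
}

/* Constructed 16-byte buffer: 8 filler bytes, a little-endian address,
 * then 4 bytes that would have to follow it. Returns how many of the 16
 * bytes a string copy actually delivers (memcpy would deliver all 16). */
size_t surviving_bytes_for_addr(uint32_t addr)
{
    unsigned char buf[16];
    memset(buf, 'A', 8);
    for (int i = 0; i < 4; i++)
        buf[8 + i] = (unsigned char)(addr >> (8 * i));
    memset(buf + 12, 'B', 4);
    return bytes_copied_by_strcpy(buf, sizeof buf);
}
```

For 0x00A01234 only 11 of the 16 bytes survive the string copy (the copy halts at the high byte of the address), while for 0x40012345 all 16 do; every address below 0x01000000 has a zero high byte, so the constructed 0x00A00000 region passes the check and a region at 0x40000000 does not.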
