Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Nathan Hand (nathanh@chirp.com.au)
Sun, 9 Aug 1998 00:54:12 +1000 (EST)


On Sat, 8 Aug 1998, Jon Lewis wrote:

> On Fri, 7 Aug 1998, Linus Torvalds wrote:
>
> > And yet, the arguments that people have had in favour of no-stack-exec is
> > that it protects you against these well-known exploits - and that hackers
> > are too stupid to come up with new ones.
>
> That's not the point being argued. The sort of people who go out and
> get/apply the secure-linux patch are not the sort who knowingly leave
> holey apps on their systems...at least I'd guess most are not. The point
> is, that if today, some cracker finds that cucipop (sorry SRB:) is
> vulnerable to a remote buffer overflow attack, there's a good chance
> they'll write a simple exploit using Aleph One's "Smashing The Stack For
> Fun And Profit" as a guide, exploit some systems, and trade the exploit
> with their friends. If someone tries it against me, all kinds of alarms
> go off, they don't get root, I know I have a security problem to track
> down, and they move on to easier victims...maybe FreeBSD systems. :)

It's better that the patch remain out of the main kernel distribution
for the following reason: if it becomes part of the main distro, then
the cracker will never write the exploit, because the default kernels
will not allow the exploit to achieve the desired outcome.

The scenario you wrote above (alarms flashing, security problem known
and soon to be fixed) only occurs when the cracker develops the crack
on a non-patched system, and you have a patched system. It's in every
administrator's best interest that no-exec-stack is non-standard.

It wouldn't be so bad if the patch fixed all possible exploits, but I
know it doesn't. It just means new exploits get written, old exploits
are never tried again, and now we have a nasty hack in the kernel and
we can never remove it, even if the "security code" is never used!

The no-exec-stack patch is great for people that need security, but I
think it needs to be non-standard to encourage exploits!

Bizarre logic, I know. I hope it made sense to somebody else, and not
just myself.
