Re: Unexecutable stack

Gregory Maxwell (greg@linuxpower.cx)
Tue, 28 Dec 1999 08:28:18 -0500 (EST)


On Mon, 27 Dec 1999, Zachary Amsden wrote:

> Just for reference, here are the facts:
>
> 1) Not all architectures support this

True. But stack smashing is only widely deployed against x86.

> 2) It breaks trampoline code

No it does NOT! DIE DIE DIE!!!!
ARGH. If it completely blocked execution on the stack, syscalls wouldn't
even work. It does not do that. What it does do is it traps stack
execution, and then analyzes the situation.

Trampolines work fine! These are the same garbage arguments that occurred
two or so years ago when Solar's patch first came out. It wasn't true
then, it isn't true now.

> 3) It doesn't provide full protection

Nor does a root password.

> 4) It does raise the bar significantly, in that it stops script kiddies

True.

> 5) Most modern daemons are smart enough to switch to unprivileged UIDs when
> parsing user input, and use strnxxx library functions.

This doesn't just protect daemons. Look at MS Windows: they are getting
applications stack-smashed (like IE and Outlook) to put malicious code on
the systems. Linux isn't far off. Sure it's not root access, but as more
'users' use Linux, root becomes less important. And obtaining root isn't
hard if you get access as a user who su's to root.

> I would say that all considered, it is not worthwhile unless you need to run
> a bunch of old setuid programs. In that case, you are taking a big risk even
> with the patch.

True.

The big advantage here is that it buys you some time and makes the attack
a little harder. Right now, even if you are a security junkie and have a
pager set to page you when a CERT alert comes out for your OS, it still
takes you time to get out of bed and install it on your systems. In that
time, you could be auto-rooted a thousand times over by people who scoped
out your configuration automatically, months ago.

Now, the only question left in my mind: which is better, StackGuard
compiling all apps by default, or this patch?

With the patch, you don't have to recompile anything, but that's the only
basis I know for comparison.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/