Re: Unexecutable stack

Homme R. Bitter (homme@vuurwerk.nl)
Tue, 28 Dec 1999 16:08:37 +0100 (CET)


On Tue, 28 Dec 1999, Gregory Maxwell wrote:

> True. But stack smashing is only widely deployed against x86.

I have the logs to prove it... in practice, most people with "large"
networks connected to the Internet face scriptkiddie attacks weekly.

> > 2) It breaks trampoline code
>
> No it does NOT! DIE DIE DIE!!!!

I use both the Solar patch and stackguard, both work as advertised for the
programs we run on the boxes.
Actually running a stackguarded version of WN and the Solar patch have
helped us more than once in discovering hacking attempts and
buffer overflows.

> Trampolines work fine! This is the same garbage arguments that occured
> two or so years ago when Solar's patch first came out. It wasn't true
> then, it isn't true now.

I read somewhere else in this thread that there are exceptions, but for
most "common" software, at least what I'm using, it's working just fine.

> > 3) It doesn't provide full protection

> Nor does a root password.

Hear hear, ANY system, given enough time, knowledge and motivation, will
have weak points, the trick is to have a fully functioning system with so
much bastillon stuff put in that hackers get detected and/or give up
before damage is done.
The implementation of this is totally dependent on the specific machine
and its environment.
Having more tools available in a "default" config would emphasize that
it's important to think about security, as well as save time and reduce
errors for those that already know the drill.
Not being able to work with the tools provided is an issue since men
started throwing stones at their prey many thousands of years ago, it's no
argument to not put things in.


> > 5) Most modern daemons are smart enough to switch to unprivileged UIDs when
> > parsing user input, and use strnxxx library functions.

We get shaken by some stoopid exploitable overflow more or less monthly
for as long as I've been in *nix, other OSes have the same problem.
People that USE machines will make mistakes that should be covered by as
many layers of security as practically can be applied.
Trusting others or yourself to write perfect code is naive.

> Linux isn't far off. Sure it's not root access, but as more
> 'users' use Linux root becomes less important. And obtaining root isn't
> hard if you get access as a user who SUes to root.

> > I would say that all considered, it is not worthwhile unless you need to run
> > a bunch of old setuid programs. In that case, you are taking a big risk even
> > with the patch.

New sUID programs have proven to be a hassle too.

> The big advantage here is that it buys you some time and makes the attack
> a little harder. Right now, even if you are a security junky, and have a
> pager set to page you when a cert alert comes out for your OS..

Sorry for CERT, they do a good job, but usually when a CERT warning hits
my mailbox I have already read bugtraq, linux-kernel, heard from hackers,
found "Bad Things" happening to my box and usually have patched the leak.

> It still
> takes you time to get out of bed and install it on your systems. In that
> time, you could be auto-rooted a thousand times over by people who scoped
> out your configuration automatically, months ago.

I have seen cases of high profile, high volume sites, set up by IDIOTS
that are not aware of anything else than the "NEXT" button in WindoNT IE4
install.
( very funny, these sites were hacked about every 5 minutes for over a
week in a row, after a while they had more malicious accounts on the box
than valid users ).
These morons will start clicking away in linux in the near future too, do
we want the same to happen then ?

> Now.. The only question left in my mind: Which is better,
> stackguard compiling all apps by default, or this patch?

I think that's for everyone to decide for themselves, depending on the
situation.
Giving people the opportunity to choose without having to do "advanced"
sysadmin stuff like downloading and patching a kernel ( try putting that
in a wizard ) is something that should seriously be considered.
True, any "vendor" like RedHat, Suse, Slackware and the like can choose to
do that, but as soon as you move away from their roadmap you're on your
own.

> With the patch, you don't have to recompile anything, but that's the only
> basis I know for comparison.

Extra argument, it logs stuff that seems to be malicious, attempts to link
to files you don't own ( yes, I've seen a link to /etc/passwd attempt,
that's how stoopid they are ) as well as programs trying to execute stack
in a way that's not like a trampoline.
( ProFTPD anyone, how many RaQs have you had hacked lately ? )

My point of view is, put these things visible in the kernel, people who
don't know what they are should either be educated or told not to touch a
keyboard.
Not putting something in because it gives a false sense of security is
IMHO an argument to go back to typewriters and dead trees.

---------------------------draw-conclusion-here------------------------
Homme R. Bitter *NIX admin, BOFH, MCSE, parttime divine entity.

REM This is a comment, I realy, really, really love comments.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/