Re: Unexecutable Stack / Buffer Overflow Exploits...

Robert Dinse (nanook@eskimo.com)
Wed, 29 Dec 1999 21:18:04 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vikram: "hda lost interrupt!"
Previous message: Dave Jones: "[PATCH] x86 setup code cleanup."

On Thu, 30 Dec 1999, Damien Miller wrote:
>
> Date: Thu, 30 Dec 1999 15:10:41 +1100 (EST)
> From: Damien Miller <djm@mindrot.org>
> To: Gregory Maxwell <greg@linuxpower.cx>
> Cc: Horst von Brand <vonbrand@pincoya.inf.utfsm.cl>,
> Robert Dinse <nanook@eskimo.com>, linux-kernel@vger.rutgers.edu
> Subject: Re: Unexecutable Stack / Buffer Overflow Exploits...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 29 Dec 1999, Gregory Maxwell wrote:
>
> > The effectiveness of this patch comes from two places:
> >
> > A) It's rare and breaks all existing attacks.
> > B) I actually makes that class of attack harder to accomplish.
>
> C) It warns you when a buffer overrun attempt has been made,
> which alerts you to the problem and gives you a chance to fix
> or disable the offending program.
>
> Regards,
> Damien Miller

In the event when the attacker is stupid enough to launch from a dial-up
of an ISP, and I do see this frequently, it gives you a chance to kill the
offending account.

When they use a previously compromised host as a platform to launch their
attack from, it gives you the chance to notify the admin of that host so they
can secure it.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vikram: "hda lost interrupt!"
Previous message: Dave Jones: "[PATCH] x86 setup code cleanup."