From: Jeremy Jackson <jeremy.jackson@sympatico.ca>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
Date: Wed, 14 Feb 2001 14:19:12 -0500 [thread overview]
Message-ID: <3A8ADA30.2936D3B1@sympatico.ca> (raw)
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca> <m1lmr98c5t.fsf@frodo.biederman.org>
"Eric W. Biederman" wrote:
> Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
> (about non-executable stack)
>
> There is another much more effective solution in the works. The C
> standard allows bounds checking of arrays. So it is quite possible
> for the compiler itself to check this in a combination of run-time and
> compile-time checks. I haven't followed up but not too long ago
> there was an effort to add this as an option to gcc. If you really
> want this fixed that is the direction to go. Then buffer overflow
> exploits become virtually impossible.
>
I've thought some more, and yes someone else has already done this. Problems
are with compilers that
put code on stack (g++ trampolines for local functions i think). There is
the gcc-mod (Stack-guard?) that checks for
corrupt stack frame using magic number containing zeros before returning...
this will take away some
performance though...
I wonder if the root of the issue is the underlying security architechure ...
anything that needs ANY privilege
gets ALL privileges (ie root). chown named and such fixes this, but can't
rebind to privileged port, must be restarted
by root to do so. VMS / NT have more fine grained privileges.
Is there any documentation of the kernel's 'capabilities' functions? It
would be exceedingly cool if services (named, nfs, etc)
could be updated to use this; I think crackers would loose some motivation
if instead of "hey I can totally rule this box!"
they have to settle for "hey I can make the ident service report user 'CrAp'
for every port!".
next prev parent reply other threads:[~2001-02-14 19:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-13 20:58 Is this the ultimate stack-smash fix? Jeremy Jackson
2001-02-13 21:06 ` Alan Cox
2001-02-13 21:22 ` James Sutherland
2001-02-13 23:04 ` Bruce Harada
2001-02-13 23:14 ` William T Wilson
2001-02-14 16:25 ` Eric W. Biederman
2001-02-14 19:19 ` Jeremy Jackson [this message]
2001-02-14 20:43 ` Gerhard Mack
2001-02-15 5:30 ` Eric W. Biederman
2001-02-15 15:29 ` Manfred Spraul
2001-02-15 16:00 ` Eric W. Biederman
2001-02-17 14:43 ` Peter Samuelson
2001-02-18 4:53 ` Eric W. Biederman
2001-02-20 1:10 ` Andreas Bombe
2001-02-20 9:09 ` Xavier Bestel
2001-02-20 16:40 ` Jeremy Jackson
2001-02-20 17:04 ` Xavier Bestel
2001-02-21 0:13 ` Andreas Bombe
2001-02-21 9:30 ` Xavier Bestel
2001-02-15 15:32 ` Jeremy Jackson
2001-02-17 10:47 ` Florian Weimer
2001-02-17 20:32 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3A8ADA30.2936D3B1@sympatico.ca \
--to=jeremy.jackson@sympatico.ca \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox