From: "Brian O'Mahoney" <omb@khandalf.com>
To: rvk@prodmail.net, linux-kernel@vger.kernel.org
Subject: Re: Buffer Over-runs, was Open source firewalls
Date: Fri, 15 Jul 2005 00:53:33 +0200
Message-ID: <42D6ECED.7070504@khandalf.com>
In-Reply-To: <42D658A9.7050706@prodmail.net>

First there are endless ways of stopping DAMAGE from buffer
over-runs, from code that accepts user data, e.g. extend buffer, don't
use dangerous strxxx functions .... so while you can move
stuff to proxies, and that has been done extensively e.g.
for sendmail, it is a cop-out, far better fix the application;

Next, while all buffer over-runs are very bad it is only those
that stamp on the stack, overwriting the return address stored
there and implanting viral code to be executed, that are truly
__EVIL__.

To do that you need to know a lot of things, the architecture
i.e. executing x86 code on a ppc will get you nowhere, you must
know, and be able to debug your mal-ware against a stable
target, and this is why the _VERY_ slowly patched Windoze is
so vulnerable, and finally you really need to know the stack
base, top of stack, normally growing downward, and ... be able
to actually run code out of the stack space;

and if any one of these conditions is not true, e.g. I compiled
sendmail with a newer GCC, stack is not executable, ...
the exploit just fails or crashes an app and then you go after
why?

but your system is not compromised.

One final point, in practice, you get lots of unwanted packets
off the internet, and in general you do not want them on your
internal net, both for performance and security reasons, if you
drop them on your router or firewall then you don't need to
worry if the remote app is mal-ware.

--
With kind regards, Brian.