[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wish list

To: securedistros@nl.linux.org
Subject: Re: wish list
From: Crispin Cowan <crispin@cse.ogi.edu>
Date: Wed, 09 Jun 1999 12:05:06 -0700
Organization: Oregon Graduate Institute
References: <Pine.LNX.4.10.9906090952420.13394-100000@fornax.elf.stuba.sk>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@humbolt.nl.linux.org

Milan Pikula - WWW wrote:

> i\m sorry but i know what i am talking about. almost any exploit code CAN be
> rewritten to be usable with non-executable stack patch too. in fact, i've
> never seen a hole which is unusable with it.
>
> consider this program (hole.c):

Cool!  Thanks for the examples.  I've seen attacks that beat the non-executable stack
before, but I thought they were fairly specific to particular pieces of code.  Thanks
for the demonstration that the problem is general.

> void main(int argc, char * argv[])
> {
>         char buffer[16];
>         strcpy(buffer, argv[1]);
> }

However, it does seem that the attacks you describe will all be detected and stopped by
StackGuard.  Perhaps now (if he's listening :-) Solar Designer will stop referring to
StackGuard as a kludge :-)

Evidence:  the lsof attack that went around last month beat the non-executable stack,
but was stopped by StackGuard.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

              Microsoft:  Putting the "lame" in "layman"

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

Follow-Ups:
- Re: wish list
  - From: Milan Pikula - WWW <www@fornax.elf.stuba.sk>

References:
- Re: wish list
  - From: Milan Pikula - WWW <www@fornax.elf.stuba.sk>

Prev by Date: Re: Re: wish list
Next by Date: Re: wish list
Prev by thread: Re: wish list
Next by thread: Re: wish list
Index(es):
- Date
- Thread