lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <3F3C03DE.50001@depraved.org>
Date: Thu, 14 Aug 2003 17:49:18 -0400
From: "Matt D. Harris" <vesper@...raved.org>
To: Theo de Raadt <deraadt@....openbsd.org>,
	bugtraq@...urityfocus.com
Subject: Re: Buffer overflow prevention


Theo de Raadt wrote:
>>Solaris 2.6 and above also support a kernel variable which can be set 
>>via /etc/system called "noexec_user_stack", which can make the stack for 
>>userland processes non-executable by default.  Note that this behavior 
>>is the default for 64-bit binaries in Solaris 7, 8, and 9, and this 
>>kernel variable forces the behavior for 32-bit binaries.  I run all 
>>sorts of odd software and have never had an issue with having this 
>>always turned on for all of my systems.
> 
> 
> You just don't get it, do you?  Are you even reading what people are
> saying?  Protecting just the stack is basically useless.  99.9% of
> exploits that use the stack can be rewritten to NOT use the stack!
> 
> But W^X protects THE ENTIRE ADDRESS SPACE.
> 

That's fine.  I'm not pointing out this functionality as some sort of 
be-all-end-all fix for everything.  I'm simply pointing out a function 
that a system provides that people may find useful.  And how many script 
kiddies are resourceful enough to re-write an exploit to *not* use the 
stack?  The fact is, simply preventing the stack isn't perfect.  But 
it's not entirely worthless, either.  To call anything that does 
something useful entirely worthless is just downright silly.  In today's 
day and age, one should do everything possible to protect themselves, 
whether it's going to be effective 1% of the time of 99% of the time. 
So, when are you releasing the Solaris kernel module to support the W^X 
stuff?  Someone who's so married to a specific bit of defense would 
certainly want to release it to as many potential users as possible, 
whether they use OpenBSD or not, right?  :-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ