From owner-freebsd-chat Mon Feb 17 21:14:22 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA17990 for chat-outgoing; Mon, 17 Feb 1997 21:14:22 -0800 (PST)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA17984 for ; Mon, 17 Feb 1997 21:14:19 -0800 (PST)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id VAA29516; Mon, 17 Feb 1997 21:14:03 -0800 (PST)
To: Charles Mott
cc: David Greenman , freebsd-chat@freebsd.org
Subject: Re: Countering stack overflow
In-reply-to: Your message of "Mon, 17 Feb 1997 21:10:17 MST."
Date: Mon, 17 Feb 1997 21:14:03 -0800
Message-ID: <29512.856242843@time.cdrom.com>
From: "Jordan K. Hubbard"
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I am mainly interested in this vulnerability since it seems to allow an
> outsider to waltz into your machine and gain root privilege immediately.
> It seems to be much more serious than the other security problems.

Actually, it is no more powerful than any other security hole and I
would hardly say that it's tantamount to allowing outsiders to waltz
in as root - a whole cascade of errors, of which insufficient bounds
checking is only one part, is required before that can happen.

I'm sorry that you're tired of discussing this, but you did sort of
put your foot in it by jumping in with a lot of proposals for "fixing"
the problem before you fully understood the principles and
ramifications of it yourself, having only become recently acquainted
with the problem at all (by your own admission). Because you were so
shocked at the significance of this "new" knowledge, you naturally
also wanted to do something about it right away and that's
commendable. Just simply be aware that this is not a new problem and
that if there were easy fixes for it, they'd be widely adopted by now.
It's just not that easy though, and a panacea is not likely to emerge
from this discussion.

As regards the stack checking, I have to agree with David. It'd be
like having a rent-a-cop on duty at your apartment complex. He might
catch some truly blatant burglars, and maybe he also keeps the vandals
from spray-painting your car occasionally, but if some truly motivated
burglar really wants to get into your house then that rent-a-cop might
as well not even be there, and the ONLY thing which is going to save
you is your own security. The locks on your door, the bars on your
window and having intelligence enough not to leave the key under the
mat. Doing proper strncpy()s and such all fall under the category of
"proper precautions" and we should simply make sure that all past and
future code takes them, just as we'd expect it to verify its arguments
and not core dump just because the user passed in a bogus flag.

And now I'd be more than happy to join you in a vow of silence on this
topic.

Jordan
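
An added illustration, not part of the original message or of FreeBSD's code: one form the "proper strncpy()" precaution mentioned above can take, including the explicit terminator that strncpy() itself does not write on truncation. The names bounded_copy, set_name and NAME_BUF_LEN are hypothetical, and the input strings are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 16   /* hypothetical fixed buffer size for this example */

/* Copy src into dst (capacity dstsize bytes) with strncpy().
 * Returns 0 if src fit completely, -1 on bad arguments or truncation.
 * On truncation dst still holds a NUL-terminated prefix of src. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    /* strncpy() never writes past dstsize-1 bytes here, but it adds no
     * terminator when src is that long or longer, so add one by hand. */
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    /* Report truncation so the caller can reject the input instead of
     * silently acting on a shortened value. */
    return (strlen(src) >= dstsize) ? -1 : 0;
}

/* Caller that verifies an untrusted argument before using it. */
int set_name(char *out, const char *untrusted)
{
    if (out == NULL)
        return -1;
    if (bounded_copy(out, NAME_BUF_LEN, untrusted) != 0) {
        out[0] = '\0';    /* fail closed: leave no partial value behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[NAME_BUF_LEN];
    /* Constructed inputs: one that fits, one far longer than the buffer. */
    const char *inputs[] = { "ftp", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_name(name, inputs[i]);
        printf("input length %zu -> %s\n", strlen(inputs[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```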