Date:      Sat, 27 Jun 1998 11:07:22 +0100
From:      njs3@doc.ic.ac.uk (Niall Smart)
To:        Patrick McAndrew  <pfm@slack.net>, jtb <jtb@pubnix.org>
Cc:        Wojciech Sobczuk <sopel@hood.1lo.lublin.pl>, fpscha@schapachnik.com.ar, Niall Smart <njs3@doc.ic.ac.uk>, ncb05@uow.edu.au, security@FreeBSD.ORG
Subject:   Re: non-executable stack?
Message-ID:  <E0yprtC-0006B4-00@oak67.doc.ic.ac.uk>
In-Reply-To: Patrick McAndrew  <pfm@slack.net> "Re: non-executable stack?" (Jun 27, 12:13am)

On Jun 27, 12:13am, Patrick McAndrew wrote:
} Subject: Re: non-executable stack?
> 
> 
> On Fri, 26 Jun 1998, jtb wrote:
> 
> > Actually, Brian Matthews brought this idea up to me last fall, and the
> > more I've been thinking about it lately, why not just deny a handful of
> > ctrl-char's that a buffer overflow needs, i.e. 0x90, 0xff, etc.  I'd have
> > to say there is a minimal number of ctrl-char's we can disallow to stop
> > your average script kiddie from sending shellcode into a process via
> > cmdline or environment arguments.  This method won't really protect
> > against attacks involving sscanf()'ing data from files ala the Vixie Cron
> > bug for RH 4.x, but security will definitely be improved with minimal
> > losses functionality-wise.  Let me know what you guys think.  All replies
> > are welcomed, critical or not.
> 
> Why bother? Just practice good security programming and check bounds. It
> would be much easier to fix a getc() call than to write an entire function
> that checks for certain control characters that were passed.. Remember,
> "keep it simple stupid" :)

You misunderstand.  My proposal, seemingly seconded by jtb, was to
allow the administrator to disallow the presence of non-printable ascii
characters in the environment or command line arguments at the time of
execve of certain processes.  We still don't know if this will have any
effect on security though, since no-one has checked to see if it's possible
to write shellcode using just printable ASCII.  It would certainly
make life difficult for the attacker, since it would be impossible to
overwrite the saved eip with an address on the stack since the stack
is at the top of the address space around 0xFFxxxxxx or 0xEFxxxxxx.

Niall

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
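The check Niall describes (refuse to exec when argv or envp carries a byte outside printable ASCII) and his observation about stack addresses, as an added example that is not code from the thread or from FreeBSD. It is a user-space stand-in written here: a real policy would be enforced inside the kernel's execve path, and `checked_execve` only wraps the libc call. The printable range used (0x20 through 0x7E), the sample argument with a 0x90 sled, and the sample addresses are assumptions chosen for illustration. It does not answer the open question in the thread about printable-only shellcode; it only shows what the filter rejects and which return addresses could survive it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Printable ASCII as assumed here: space (0x20) through tilde (0x7E). */
static int is_printable_byte(unsigned char c)
{
    return c >= 0x20 && c <= 0x7E;
}

/* Offset of the first non-printable byte in s, or -1 if there is none.
 * The terminating NUL is not examined: every argv/envp string ends in one,
 * and a NUL can never be smuggled inside such a string anyway. */
long first_nonprintable(const char *s)
{
    for (size_t i = 0; s[i] != '\0'; i++)
        if (!is_printable_byte((unsigned char)s[i]))
            return (long)i;
    return -1;
}

/* Scan a NULL-terminated string vector (argv or envp).
 * Returns 1 when every string is clean, otherwise 0 and reports which
 * element and offset failed (either out-pointer may be NULL). */
int vector_is_clean(char *const vec[], int *bad_index, long *bad_offset)
{
    for (int i = 0; vec[i] != NULL; i++) {
        long off = first_nonprintable(vec[i]);
        if (off >= 0) {
            if (bad_index)  *bad_index  = i;
            if (bad_offset) *bad_offset = off;
            return 0;
        }
    }
    return 1;
}

/* User-space stand-in for the proposed execve-time policy (hypothetical
 * wrapper, not a FreeBSD interface): refuse before the kernel is asked. */
int checked_execve(const char *path, char *const argv[], char *const envp[])
{
    int idx;
    long off;
    if (!vector_is_clean(argv, &idx, &off)) {
        fprintf(stderr, "refusing exec: argv[%d] byte %ld is non-printable\n", idx, off);
        errno = EINVAL;
        return -1;
    }
    if (!vector_is_clean(envp, &idx, &off)) {
        fprintf(stderr, "refusing exec: envp[%d] byte %ld is non-printable\n", idx, off);
        errno = EINVAL;
        return -1;
    }
    return execve(path, argv, envp);
}

/* Niall's second point: a saved return address can only pass the filter
 * if all four of its bytes are printable. The test is per byte, so the
 * byte order in which it lands on the stack does not matter. */
int addr_is_printable(uint32_t addr)
{
    for (int shift = 0; shift < 32; shift += 8)
        if (!is_printable_byte((unsigned char)((addr >> shift) & 0xFF)))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample input: an argument carrying a NOP-sled prefix. */
    char sled[] = "AAAA\x90\x90\x90\x90";
    char *bad_argv[] = { "victim", sled, NULL };
    char *ok_argv[]  = { "victim", "plain text argument", NULL };
    char *env[]      = { "PATH=/bin:/usr/bin", NULL };

    printf("clean argv passes:   %d\n", vector_is_clean(ok_argv, NULL, NULL));
    printf("sled argv passes:    %d\n", vector_is_clean(bad_argv, NULL, NULL));
    /* A high stack address (assumed value) versus an all-'A' address. */
    printf("0xEFBFDFFC printable: %d\n", addr_is_printable(0xEFBFDFFCu));
    printf("0x41414141 printable: %d\n", addr_is_printable(0x41414141u));

    /* Refused by the wrapper; execve is never reached. */
    if (checked_execve("/bin/echo", bad_argv, env) < 0)
        perror("checked_execve");
    return 0;
}
```

Because the filter is per byte, any address with a byte above 0x7E or below 0x20 is unreachable through argv or envp, which is the basis of the claim about the saved eip; what the filter does not cover is data that reaches the process by any other path (files, sockets, stdin), as jtb's Vixie Cron example already notes.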