From owner-freebsd-security  Wed Jun 24 07:10:19 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA10873
          for freebsd-security-outgoing; Wed, 24 Jun 1998 07:10:19 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from heron.doc.ic.ac.uk (NOSvSuxxFSPB6OKcRzzqSErQz+entwRE@heron.doc.ic.ac.uk [146.169.46.3])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA10802
          for <security@freebsd.org>; Wed, 24 Jun 1998 07:10:03 -0700 (PDT)
          (envelope-from njs3@doc.ic.ac.uk)
Received: from oak67.doc.ic.ac.uk [146.169.33.67] ([w4Sm7+cwV9nJ7w6v6VOmM70ZKe+2pYKc])
	by heron.doc.ic.ac.uk with smtp (Exim 1.62 #3)
	id 0yoqEt-0001oh-00; Wed, 24 Jun 1998 15:09:31 +0100
Received: from njs3 by oak67.doc.ic.ac.uk with local (Exim 1.62 #3)
	id 0yoqEs-0002io-00; Wed, 24 Jun 1998 15:09:30 +0100
From: njs3@doc.ic.ac.uk (Niall Smart)
Date: Wed, 24 Jun 1998 15:09:30 +0100
In-Reply-To: Nicholas Charles Brawn <ncb05@uow.edu.au>
       "non-executable stack?" (Jun 20,  9:21pm)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: Nicholas Charles Brawn <ncb05@uow.edu.au>, security@FreeBSD.ORG
Subject: Re: non-executable stack?
Message-Id: <E0yoqEs-0002io-00@oak67.doc.ic.ac.uk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Jun 20,  9:21pm, Nicholas Charles Brawn wrote:
} Subject: non-executable stack?
> I was pondering the following after reading about solaris 2.6's
> non-executable stack option.
> 
> 1. How feasible is it to implement a non-executable stack kernel option?
> 2. If it *is* feasible, what do people think of a sysctl-based interface
> to enable/disenable it?
> 3. If both 1 & 2 were implemented, how about making it impossible to
> disenable at say.. securelevel >= 1?
> 
> If I remember the discussions on bugtraq right, a non-exec patch isn't a
> cure-all for buffer overflow attacks. However it would be an overall
> security enhancement and prevent many script-based attacks.

It would be nice to have a filesystem non-executable-stack flag so that
it could be enabled/disabled on a per file basis.  Another option would
be to only turn it on for set[ug]id executables.  There are a number
of other "features" like this that would be useful, for example the
ability to specify that only printable ascii characters can appear in
the arguments or environment of a process before it can exec another.
I haven't checked if its possible to write shellcode using just plain
ascii characters,  if you can then this is obviously worthless, but I'd
be surprised if it's possible.

Niall

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message