From: njs3@doc.ic.ac.uk (Niall Smart)
Date: Wed, 24 Jun 1998 15:09:30 +0100
In-Reply-To: Nicholas Charles Brawn "non-executable stack?" (Jun 20, 9:21pm)
To: Nicholas Charles Brawn, security@FreeBSD.ORG
Subject: Re: non-executable stack?
Sender: owner-freebsd-security@FreeBSD.ORG

On Jun 20, 9:21pm, Nicholas Charles Brawn wrote:
} Subject: non-executable stack?
> I was pondering the following after reading about solaris 2.6's
> non-executable stack option.
>
> 1. How feasible is it to implement a non-executable stack kernel option?
> 2. If it *is* feasible, what do people think of a sysctl-based interface
> to enable/disenable it?
> 3. If both 1 & 2 were implemented, how about making it impossible to
> disenable at say.. securelevel >= 1?
>
> If I remember the discussions on bugtraq right, a non-exec patch isn't a
> cure-all for buffer overflow attacks. However it would be an overall
> security enhancement and prevent many script-based attacks.

It would be nice to have a filesystem non-executable-stack flag so that it could be enabled/disabled on a per file basis.
Another option would be to only turn it on for set[ug]id executables.

There are a number of other "features" like this that would be useful, for example the ability to specify that only printable ascii characters can appear in the arguments or environment of a process before it can exec another. I haven't checked if it's possible to write shellcode using just plain ascii characters, if you can then this is obviously worthless, but I'd be surprised if it's possible.

Niall
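
The printable-ASCII check on exec arguments and environment suggested in the message above, sketched in user-space C as an added example (not code from the message or from FreeBSD). The names `scan_vector` and `check_exec` are hypothetical, and enforcing the check only for set[ug]id targets is an assumption borrowed from the message's other suggestion.

```c
#include <stddef.h>

enum exec_verdict { EXEC_ALLOW = 0, EXEC_DENY_ARGV = 1, EXEC_DENY_ENVP = 2 };

/* Where the first offending byte was found; index is -1 for a clean vector. */
struct violation {
    int index;            /* which string in the vector */
    size_t offset;        /* byte offset inside that string */
    unsigned char byte;   /* the offending byte value */
};

/* Printable ASCII is 0x20 (space) to 0x7e (~). Tab and newline are rejected
 * too, so legitimate multi-line arguments would also be refused. */
static int printable_ascii(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* Scan a NULL-terminated string vector (argv or envp). */
static struct violation scan_vector(char *const vec[])
{
    struct violation v = { -1, 0, 0 };
    for (int i = 0; vec != NULL && vec[i] != NULL; i++) {
        for (size_t j = 0; vec[i][j] != '\0'; j++) {
            /* Cast first: plain char may be signed, and the reported byte
             * should read as 0x80..0xff rather than as a negative value. */
            unsigned char c = (unsigned char)vec[i][j];
            if (!printable_ascii(c)) {
                v.index = i; v.offset = j; v.byte = c;
                return v;
            }
        }
    }
    return v;
}

/* Hypothetical policy hook: enforce only when the exec target is set[ug]id
 * (an assumption of this example); argv is checked before envp. */
static enum exec_verdict check_exec(int target_is_setid,
                                    char *const argv[], char *const envp[])
{
    if (!target_is_setid)
        return EXEC_ALLOW;
    if (scan_vector(argv).index != -1)
        return EXEC_DENY_ARGV;
    if (scan_vector(envp).index != -1)
        return EXEC_DENY_ENVP;
    return EXEC_ALLOW;
}
```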