Date: Mon, 29 Jun 1998 12:15:07 +0400
From: "bazilio" <bazilio@monitor.voronezh.su>
To: <freebsd-security@FreeBSD.ORG>
Cc: <andrew@squiz.co.nz>
Subject: Re: non-executable stack?
Message-ID: <199806290901.CAA06183@hub.freebsd.org>

On Sun, 28 Jun 1998 17:26:30 +1200 (NZST) you wrote:

>> You misunderstand. My proposal, seemingly seconded by jtb, was to
>> allow the administrator to disallow the presence of non-printable ascii
>> characters in the environment or command line arguments at the time of
>> execve of certain processes. We still don't know if this will have any
>> effect on security though, since no-one has checked to see if it's possible
>> to write shellcode using just printable ASCII. It would certainly
>> make life difficult for the attacker, since it would be impossible to
>> overwrite the saved eip with an address on the stack since the stack
>> is at the top of the address space around 0xFFxxxxxx or 0xEFxxxxxx.
>>
>> Niall

>I know next to nothing about assembly level programming, but if you mean
>that there is a problem because 0xFF and 0xEF are out of bounds, then I
>figure this means very little if the attacker has access to a small range
>of arithmetic or bitwise operators to generate these characters. With a
>little more effort, byte values could perhaps be borrowed from elsewhere,
>copying them from addressable locations.

It's true, but I think the addition of this check will force attackers
to make much more effort. Arith and bitwise instructions can make anymore,
but exploit code must contain instructions to obtain the current %eip
value, which is very hard without some opcodes. Also I think that we must
add a sanity check not for printable characters, but for arch-specific
exploit-dangerous magic numbers and their sequences.

>Andrew McNaughton

Thanks,
Vasily.

I prefer to use FreeBSD at all.
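
The check proposed in the quoted text, sketched in user-space C as an added example (not code from this thread or from FreeBSD). The function names, the 0x20..0x7e definition of "printable", and the sample address 0xEFBFD0A0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: "printable" means 0x20..0x7e. The thread does not define it;
   note that this choice also rejects tab and newline. */
static int is_printable_ascii(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* Scan a NULL-terminated string vector (argv or envp). Returns -1 if every
   byte is printable, otherwise the index of the first offending string;
   *off and *byte (if non-NULL) receive the byte's position and value. */
int first_unprintable(char *const vec[], size_t *off, unsigned char *byte)
{
    for (int i = 0; vec != NULL && vec[i] != NULL; i++) {
        const unsigned char *s = (const unsigned char *)vec[i];
        for (size_t j = 0; s[j] != '\0'; j++) {
            if (!is_printable_ascii(s[j])) {
                if (off) *off = j;
                if (byte) *byte = s[j];
                return i;
            }
        }
    }
    return -1;
}

/* Policy decision for one exec request: 1 = allow, 0 = refuse. */
int exec_args_allowed(char *const argv[], char *const envp[])
{
    return first_unprintable(argv, NULL, NULL) < 0 &&
           first_unprintable(envp, NULL, NULL) < 0;
}

int main(void)
{
    /* Constructed samples. The last env entry ends in the little-endian
       bytes of a made-up high stack address, 0xEFBFD0A0. */
    char *argv_ok[] = { "prog", "-v", "file.txt", NULL };
    char *env_bad[] = { "HOME=/root", "X=AAAA\xa0\xd0\xbf\xef", NULL };
    size_t off = 0;
    unsigned char b = 0;
    int idx = first_unprintable(env_bad, &off, &b);

    printf("allowed=%d\n", exec_args_allowed(argv_ok, env_bad));
    if (idx >= 0)
        printf("env[%d] offset %zu: byte 0x%02x\n", idx, off, b);
    return 0;
}
```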