Date: Sun, 19 Jul 1998 22:09:29 -0400 From: "Allen Smith" <easmith@beatrice.rutgers.edu> To: Warner Losh <imp@village.org>, Archie Cobbs <archie@whistle.com> Cc: brett@lariat.org (Brett Glass), security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <9807192209.ZM23527@beatrice.rutgers.edu> In-Reply-To: Warner Losh <imp@village.org> "Re: The 99,999-bug question: Why can you execute from the stack?" (Jul 19, 7:48pm) References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 19, 7:48pm, Warner Losh (possibly) wrote: > I think that most, but not all, of the problems can be fixed by making > the stack non-executables for set[gu]id binaries. this will fix the > attacks where elevated privs are used to get access. however, i'm not > completely sure about this because there are many problems with this > idea. not the least of which is that it feels like a bandaide to me. I'd suggest adding anything executing with an effective uid of root; keep in mind servers. I've actually worked on this with the libparanoia's libc substitution, at least with the non-assembler ones; I'll try to find the time to test soon whether this actually speeds things up. BTW, breaking binary compatibility on software that runs as root or that's set[gu]id isn't as much of a problem as it might seem - if a piece of software is going to run at elevated permissions, you ought to have the source code. That's (part of) the lesson of _An Empirical Study of the Reliability of UNIX Utilities_, in which GNUware (and software with free source code in general) was found to be a lot more reliable. (Admittedly, another part is that the GNU project has rules against doing things that let in buffer overflows...) See ftp://grilled.cs.wisc.edu/technical_papers/fuzz.ps.Z and ftp://grilled.cs.wisc.edu/technical_papers/fuzz-revisited.ps.gz for more information. -Allen -- Allen Smith easmith@beatrice.rutgers.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9807192209.ZM23527>