Date: Sat, 27 Jun 1998 11:07:22 +0100 From: njs3@doc.ic.ac.uk (Niall Smart) To: Patrick McAndrew <pfm@slack.net>, jtb <jtb@pubnix.org> Cc: Wojciech Sobczuk <sopel@hood.1lo.lublin.pl>, fpscha@schapachnik.com.ar, Niall Smart <njs3@doc.ic.ac.uk>, ncb05@uow.edu.au, security@FreeBSD.ORG Subject: Re: non-executable stack? Message-ID: <E0yprtC-0006B4-00@oak67.doc.ic.ac.uk> In-Reply-To: Patrick McAndrew <pfm@slack.net> "Re: non-executable stack?" (Jun 27, 12:13am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 27, 12:13am, Patrick McAndrew wrote: } Subject: Re: non-executable stack? > > > On Fri, 26 Jun 1998, jtb wrote: > > > Actually, Brian Matthews brought this idea up to me last fall, and the > > more I've been thinking about it lately, why not just deny a handful of > > ctrl-char's that a buffer overflow needs, i.e. 0x90, 0xff, etc. I'd have > > to say there is a minimal number of ctrl-char's we can disallow to stop > > your average script kiddie from sending shellcode into a process via > > cmdline or environment arguments. This method won't really protect > > against attacks involving sscanf()'ing data from files ala the Vixie Cron > > bug for RH 4.x, but security will definitely be improved with minimal > > loses funcionality-wise. Let me know what you guys think. All replies > > are welcomed, critical or not. > > Why bother? Just practice good security programming and check bounds. It > would be much easier to fix a getc() call than to write an entire function > that checks for certain control characters that were passed.. Rember, > "keep it simpe stupid" :) You misunderstand. My proposal, seemingly seconded by jtb, was to allow the administrator to disallow the presence of non-printable ascii characters in the environment or command line arguments at the time of execve of certain processes. We still don't know if this will have any effect on security though, since no-one has checked to see if its possible to write shellcode using just printable ASCII. It would certainly make life difficult for the attacker, since it would be impossible to overwrite the saved eip with an address on the stack since the stack is at the top of the address space around 0xFFxxxxxx or 0xEFxxxxxx. Niall To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0yprtC-0006B4-00>