TCLUG Archive

RE: [TCLUG:690] Buffer overflow exploits



at one time there were a couple of kernel patches that reduced the ability to
do buffer overflow exploits significantly, these were no-exec stack patches..

just so everyone knows..

when a program runs as root, and anyone can launch it.. there is the
possibility for someone to cause the program to crash by doing something not
expected.. this is usually not so bad in unix because it's protected from
damaging the system when it does die.  what an attacker may do is this..
when a program is crashable in a repeatable way.. the attacker can add on real
working code to just after the input point of crashing.  what happens is.. the
program misses a normal stop point, and just keeps on executing along, normally
crunching through random data, and dying.. but what the attacker does, is
insert code to launch bash, or some other shell.. that way they now have access
to the machine at the same level of the program.. root.. (as we all know..
that's a bad thing :)  what the non-exec stack patch does.. is not allow code
to be run in a data area of memory.. that fixes MANY programs, but causes
problems where execution is critical to a program's running.  for one reason or
another.. these non-exec patches have been dropped.  

there are some plans to change the way the gcc C compiler works, to help prevent
similar things from happening.. this will hopefully be able to solve many of
the root exploits, simply by re-compiling your application with the new
compiler. :)

details can be found on http://slashdot.org in the thursday section

On 17-Jul-98 Bob Tanner wrote:
> Is there any way to prevent buffer overflows under Linux?
> 
> Solaris has a very cool script that Protect SPARC stack against
> unwanted exec access. Anything like this for Linux?
> 
> -- 
> Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500
> Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 

TTYL,
        Ben Kochie (ben@intexp.com)

[{(-----------------------------------------------------------)}]
You can never underestimate the stupidity of the general public. 
                                        -Scott Adams

To the engineer, the world is a toy box full of sub-optimized and
feature-poor toys.
                                        -How to tell an Engineer
[{(-----------------------------------------------------------)}]
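
An added example, not part of the original message: a small C check that reads text in the Linux `/proc/<pid>/maps` format and reports whether the `[stack]` mapping carries the execute permission, which is the property a no-exec stack removes. The sample mappings and the function names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Excerpts in /proc/<pid>/maps format, constructed for this example. */
static const char MAPS_NX[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "7ffd4c1e0000-7ffd4c201000 rw-p 00000000 00:00 0 [stack]\n";
static const char MAPS_EXEC[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "7ffd4c1e0000-7ffd4c201000 rwxp 00000000 00:00 0 [stack]\n";

/* One maps line: 1 = executable stack, 0 = non-exec stack, -1 = not the stack. */
int stack_line_exec(const char *line)
{
    char perms[5] = "";
    if (!strstr(line, "[stack]"))
        return -1;
    /* Fields are "start-end perms offset dev inode path"; perms is e.g. "rw-p". */
    if (sscanf(line, "%*s %4s", perms) != 1 || strlen(perms) != 4)
        return -1;
    return perms[2] == 'x';
}

/* Whole maps text: verdict for the first [stack] line, -1 if there is none. */
int stack_is_executable(const char *maps)
{
    char line[512];
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1; /* bounded copy */
        memcpy(line, maps, n);
        line[n] = '\0';
        int verdict = stack_line_exec(line);
        if (verdict >= 0)
            return verdict;
        maps += len + (maps[len] == '\n');
    }
    return -1;
}

int main(void)
{
    printf("constructed non-exec sample: %d\n", stack_is_executable(MAPS_NX));
    printf("constructed exec sample:     %d\n", stack_is_executable(MAPS_EXEC));
    return 0;
}
```

The same function can be given the contents of a real `/proc/<pid>/maps` file to audit a running process.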