RE: realpath(3) et al

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 08/12/03

  • Next message: Devon H. O'Dell: "RE: realpath(3) et al" 
    Date: Tue, 12 Aug 2003 04:40:11 -0700 (PDT)
To: security@freebsd.org

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > Protecting against stack smashing is quite important; I think many
    > hosting environments not using LISP or other executable-stack-reliant
    > packages would benefit from this. By negating the ability to execute
    > injected code through a buffer overflow, security is highly increased.

    I think that this topic has come up before on the list - please check the
    archives before you get into it again.

    I think that the consensus has been something along the lines of, it would
    be nice, _but_:

    1) It requires ugly tricks to implement on i386;
    2) It does not canonically stop the exploitation of buffer overruns -
       yes, it stops the current attacks, but the underlying problem that an
       attacker can change the flow of program execution remains;
    3) It would break a whole bunch of stuff.

     -Jason

     --------------------------------------------------------------------------
     Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
     that he was insufficiently fondled when he was an infant.
            -- Ashley Montagu
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u
    o6iRC44JMJe86lhPj7CqdEg=
    =ijiO
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Devon H. O'Dell: "RE: realpath(3) et al"