Re: Privilege-escalation attacks on NT-based Windows are unfixable

Date: 08/23/02

Date: Fri, 23 Aug 2002 04:17:33 +0000 (UTC)

Barry Margolin wrote:
>An analogy in the Unix world would be executable stacks, which many
>buffer-overflow exploits take advantage of.

With respect, that seems like a poor choice of analogy. The real problem
is lack of array bounds checking in C and poor libraries, which is a
problem in the language and library, not the OS. Executable stacks are
not the problem, and non-executable stacks are not the fix. Making the
stack non-executable would not help; the restriction is easily bypassed
with alternate exploit techniques, and exploit scripts would quickly
use other methods. So I don't think this is such a great analogy.

But that said, maybe it is a good enough analogy. The fault is
absolutely 100% with the C language and the standard libraries, not
with the applications. It is ridiculous to pin all the blame for buffer
overruns on programmers or applications; ok, sometimes programmers are
careless and deserve a share of the blame, but the real problem is the
language that makes it so easy to do the wrong thing, and so hard to do
the right thing. strcpy(), like unfenced swimming pools, is an attractive
nuisance, and should never have existed.

If the Shatter attack shares these same characteristics, then yes, the
Windows OS deserves some blame for poor design that created dangerous
security pitfalls.
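To make the point about the C library concrete, here is an added example that is not part of the original thread: it contrasts strcpy() (no bound at all), strncpy() (bounded but not guaranteed to NUL-terminate) and a small bounded copy that terminates and reports truncation. The FIELD_LEN size and the function names are my own choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size field, e.g. a 16-byte name slot in a record. */
#define FIELD_LEN 16

/* strcpy() offers no bound: the only defence is to check beforehand.
 * Returns 1 if copying src into a cap-byte buffer would run past its end. */
int strcpy_would_overflow(const char *src, size_t cap) {
    return strlen(src) + 1 > cap;
}

/* strncpy() is the library's "bounded" copy, but when src fills the buffer
 * it writes no terminating NUL. Returns 1 if the result is unterminated
 * within cap bytes (cap must be <= FIELD_LEN; returns -1 otherwise). */
int strncpy_leaves_unterminated(const char *src, size_t cap) {
    char buf[FIELD_LEN + 1];
    if (cap > FIELD_LEN) return -1;
    memset(buf, 'X', sizeof buf);
    buf[FIELD_LEN] = '\0';            /* sentinel so scanning buf is safe */
    strncpy(buf, src, cap);
    return memchr(buf, '\0', cap) == NULL;
}

/* The copy callers actually want: never overruns, always NUL-terminates,
 * and reports truncation. Returns 0 if src fit, -1 if it was truncated
 * (dst then holds the longest terminated prefix). */
int copy_bounded(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (cap == 0) return -1;
    if (n >= cap) {
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    const char *input = "0123456789abcdef";   /* constructed 16-char input */
    char field[FIELD_LEN];
    printf("strcpy would overflow: %d\n", strcpy_would_overflow(input, FIELD_LEN));
    printf("strncpy unterminated:  %d\n", strncpy_leaves_unterminated(input, FIELD_LEN));
    printf("copy_bounded rc=%d dst=\"%s\"\n", copy_bounded(field, FIELD_LEN, input), field);
    return 0;
}
```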