Re: Privilege-escalation attacks on NT-based Windows are unfixable
From: Barry Margolin (barmar@genuity.net)Date: 08/27/02
- Next message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: those who know me have no need of my name: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: David Hopwood: "Access restrictions and buffer overflow attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Barry Margolin <barmar@genuity.net> Date: Tue, 27 Aug 2002 15:26:54 GMT
In article <7xhehhkws5.fsf@ruckus.brouhaha.com>,
Paul Rubin <phr-n2002b@NOSPAMnightsong.com> wrote:
>Benjamin Goldberg <goldbb2@earthlink.net> writes:
>> > JIT compilation in Java
>> > Binary emulation like VMware
>> > Automatic code generation in GNU Lightning (same idea as JIT)
>> > Et cetera.
>>
>> All of these would put their data on the heap, not on the stack.
>>
>> This explains why one might want an executable heap, by doesn't explain
>> why one would want an executable stack.
>
>I'd expect some programs like that might want to put code on the stack
>instead of the heap.
>
>> Furthermore, even with such things, what's wrong with making the heap
>> non-executable by default, and having a special instruction which would
>> make small segments of it executable, on an as-needed basis?
>
>The argument against it is that you're trying to guard against
>deliberate attack, not random error. Closing one door just leads
>attackers to choose another. The only solution is fix the language
>and libraries and program carefully enough to not leave leaks.
No, you're trying to guard against deliberate attacks that take advantage
of well-known programming errors.
Buffer overflow attacks only work if the buffer is in a part of memory that
can be executed. If you have separate memory segments for stacks, normal
data and runtime-generated executable code, the buffers are going to be in
one of the first two segments. The attacker will never be able to use one
of these buffers to inject his own code.
It's remotely conceivable that someone would be stupid enough to put their
input buffer in the executable heap rather than the nonexecutable heap. If
someone is going out of their way to make their code exploitable, there's
only so much you can do to stop them.
-- Barry Margolin, barmar@genuity.net Genuity, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
- Next message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: those who know me have no need of my name: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: David Hopwood: "Access restrictions and buffer overflow attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
