Bugtraq mailing list archives
Re: 2nd Linux kernel patch to remove stack exec
From: gsstark () MIT EDU (Greg Stark)
Date: Mon, 14 Apr 1997 05:06:12 -0400
I normally advocate against losing valuable features for questionable security restrictions. And of course in this case i initially thought this was an awful idea. So it is with reluctance that i now find myself arguing for this feature. I can see this being a useful compilation option for kernels meant for server machines that are expected to run a fixed set of programs. Things like routers and ppp servers. I don't think it should ever be used on a machine where users log in and expect to run arbitrary programs, but not all machines are like that. Actually, the security mantra is to default to denying privileges, which in this case would mean only granting execution privileges on the code segment and library mappings. This would be a little extra work to make sure dlopen still worked and such, and i could be missing something, but i think this should work. If this increases the number of high performance simulators (Executor comes to mind) that fail then that's ok. In fact that sounds like a good, thing. If it has more noticeable effects then people won't be tempted to turn it on for machines where it is not appropriate. Perhaps even a printing a warning at boot time indicating the kernel is a server kernel and not appropriate for user machines would help. I had a few comments though: Is it possible to exploit the trampoline detector by first causing a spurious RET then subsequently trying the exploit? spurious returns in many programs, especially in robust server daemons are likely to be taken to indicate an error condition and be handled reasonably. Would it be possible to implement this in ld.so instead? Then you could be more flexible and support things like turning the feature off and on at runtime or supporting a flag in the executable to indicate to ld.so that the executable really doesn't need the extra executable privileges.
Current thread:
- Re: 2nd Linux kernel patch to remove stack exec Greg Stark (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec David S. Miller (Apr 14)
- non-executable stack Theodore Y. Ts'o (Apr 14)
- SNMP Information Paul Danckaert (Apr 14)
- Re: SNMP Information G P R (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec Solar Designer (Apr 14)
- <Possible follow-ups>
- Re: 2nd Linux kernel patch to remove stack exec Miguel de Icaza (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec David S. Miller (Apr 14)