Bugtraq mailing list archives
Re: Buffer Overflows: A Summary
From: trost () CLOUD RAIN COM (Bill Trost)
Date: Thu, 1 May 1997 21:20:30 -0700
Aleph One writes: It was suggested that the kernel should check in the exec system call to determine if a shell was being executed.... This path of thinking does lead to an interesting defense that I believe would be of great use and should be implemented. Most daemons and utilities will not exec a program. Most will simply fork. In such cases a system call that disabled any further calls to exec would stop all exploits that attempted to use the exec system call.... That's an interesting idea, but note that the attacker need not call "exec", that's just the easiest approach. Given access to "open", "write" and "chmod" or "umask" is probably equivalent, it just takes longer to write the exploit. And while I can see giving up a variety of system calls to enhance security, "open" and "write" are not among them. (-: Another alternative that has the advantage of already existing and being relatively easy to use is the chroot() system call. For example, named would be a much less attractive target it if chroot()ed to /etc/namedb (or whatever) as soon as it knew where its startup directory was. Then all named could do is mangle your name service files. Never mind that named could setuid to non-root once it had its ports bound....
Current thread:
- Re: Buffer Overflows: A Summary Bill Trost (May 01)
- Re: Buffer Overflows: A Summary Tommy Marcus McGuire (May 02)
- Re: Buffer Overflows: A Summary Gene Spafford (May 02)
- Windows NT 4.0 SAM hotfix Aleph One (May 02)
- Re: Buffer Overflows: A Summary Lamont Granquist (May 03)
- Solaris lpNet & temp files (exploit) Chris Sheldon (May 03)
- Re: Solaris lpNet & temp files (exploit) Casper Dik (May 07)
- A bug in Elm fflush (May 04)
- Re: A bug in Elm Larry Schwimmer (May 04)
- Hole in the KDE desktop Alan Cox (May 05)
- A vulnerability in Lynx (all versions) fflush (May 05)
(Thread continues...)
- Re: Buffer Overflows: A Summary Tommy Marcus McGuire (May 02)