Bugtraq mailing list archives

Re: Buffer overflow prevention

From: Glynn Clements <glynn.clements () virgin net>
Date: Tue, 19 Aug 2003 02:55:28 +0100


Theo de Raadt wrote:

One of these days someone is going to use the magic of a system call
interposition mechanism such systrace; and for their application
accidentally create an operating system behaviour that is un-POSIX,
and some application is going to misbehave as a result of that change
and inadvertantly this will result in the CREATION of a hole.


For a concrete example regarding POSIX 1e capabilities (which
are essentially a "system call interposition mechanism"):

        http://ciac.llnl.gov/ciac/bulletins/k-064.shtml

Summary: If a root process doesn't have CAP_SETUID, attempts to give
up root privilege fail, resulting in the process continuing to run as
root.

-- 
Glynn Clements <glynn.clements () virgin net>

Current thread:

Re: Buffer overflow prevention, (continued)
- - - Re: Buffer overflow prevention Peter Busser (Aug 18)
    - Re: Buffer overflow prevention noir (Aug 18)
- Re: Buffer overflow prevention pageexec (Aug 18)
  - Re: Buffer overflow prevention Mariusz Woloszyn (Aug 18)
- Re: Buffer overflow prevention pageexec (Aug 18)
- Re: Buffer overflow prevention pageexec (Aug 18)
- Re: Buffer overflow prevention Theo de Raadt (Aug 18)
  - Re: Buffer overflow prevention Darren Reed (Aug 18)
  - Re: Buffer overflow prevention Peter Busser (Aug 19)
- Re: Buffer overflow prevention Theo de Raadt (Aug 18)
  - Re: Buffer overflow prevention Glynn Clements (Aug 19)
  - Re: Buffer overflow prevention Crispin Cowan (Aug 19)
    - Re: Buffer overflow prevention Anil Madhavapeddy (Aug 19)
    - Re: Buffer overflow prevention Mariusz Woloszyn (Aug 19)
  - Re: Buffer overflow prevention Mark Tinberg (Aug 19)
- Re: Buffer overflow prevention pageexec (Aug 19)
- Re: Buffer overflow prevention Theo de Raadt (Aug 19)