Re: Buffer Overflows: A Summary

Bill Trost (trost@CLOUD.RAIN.COM)
Thu, 01 May 1997 21:20:30 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Snare: "Re: Digital UNIX/Irix mesg problem"
Previous message: Uri Blumenthal: "Re: [linux-security] Yet Another DIP Exploit?"
Maybe in reply to: Aleph One: "Buffer Overflows: A Summary"
Next in thread: Thomas H. Ptacek: "Re: Buffer Overflows: A Summary"

Aleph One writes:
It was suggested that the kernel should check in the exec system call
to determine if a shell was being executed.... This path of thinking does
lead to an interesting defense that I believe would be of great use and
should be implemented. Most daemons and utilities will not exec a program.
Most will simply fork. In such cases a system call that disabled any
further calls to exec would stop all exploits that attempted to use the
exec system call....

That's an interesting idea, but note that the attacker need not call "exec",
that's just the easiest approach. Given access to "open", "write" and "chmod"
or "umask" is probably equivalent, it just takes longer to write the exploit.
And while I can see giving up a variety of system calls to enhance security,
"open" and "write" are not among them. (-:

Another alternative that has the advantage of already existing and being
relatively easy to use is the chroot() system call. For example, named would
be a much less attractive target it if chroot()ed to /etc/namedb (or whatever)
as soon as it knew where its startup directory was. Then all named could do is
mangle your name service files.

Never mind that named could setuid to non-root once it had its ports bound....

Next message: Andrew Snare: "Re: Digital UNIX/Irix mesg problem"
Previous message: Uri Blumenthal: "Re: [linux-security] Yet Another DIP Exploit?"
Maybe in reply to: Aleph One: "Buffer Overflows: A Summary"
Next in thread: Thomas H. Ptacek: "Re: Buffer Overflows: A Summary"