[KLUG Members] SELinux anyone?
Peter Buxton
members@kalamazoolinux.org
Tue, 29 Jul 2003 00:15:09 -0400
On Mon, Jul 28, 2003 at 01:09:47PM -0400, Adam Williams was only escaped
alone to tell thee:
> Non-executable stack / data-pages seems like a no-brainer hacker
> proofing thing. Is there an argument for why such a thing isn't a
> standard feature in every OS?
Because your beloved Intel(r) sucks. ;-)
Most high-powered Unix chips (Power4, PA-RISC, *Sparc) can tag memory
addresses (per POSIX) as rwx, or readable, writeable and executable.
Intel can, but in a very brain-dead way: it isn't straightforward
(remember 286 segmented memory? That kind of non-straightforward) so
you have a lot of twigging of code and compiler to get it to work.
http://www.kerneltrap.com/node.php?id=538
http://www.kerneltrap.com/node.php?id=573
Why do it? To get the chips to run faster, cheaper. The great majority
of Intel users don't have a problem with buffer overflows, but with
their toy OSs and untrustable apps.
As for the stack: I shouldn't have written 'non-executable stack' above
(though I see that wording on PaX's home page). I should have written
protected stack. The stack _is_ the state of the program and thus needs
to change and jump to internal addresses. But you can protect the stack
by bounds-checking arrays (whose data is copied to the stack) and by
'randomizing' the stack so that a program cannot easily calculate a
jump-to address to insert into the stack.
See the following (including a ringing endorsement of OSS) for an
updated version of the classic "Smashing the Stack for Fun and Profit":
http://www.cs.ucsb.edu/~jzhou/security/overflow.html
--
-53
You can fill my head with Gummi Bears,
but I won't talk! -- Tom Servo, K13.
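
Added example, not part of the original post: a small C audit of a Linux /proc/<pid>/maps listing that counts regions mapped both writable and executable and reports whether [stack] is executable, which is the rwx tagging discussed in the message above. The two sample listings are constructed, and the function names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* One parsed line of a /proc/<pid>/maps listing. */
struct region { unsigned long long start, end; char perms[5]; char name[64]; };

/* Constructed sample listings (not captured from a real process). */
static const char SAMPLE_HARDENED[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "0060b000-0060c000 rw-p 0000b000 08:01 131 /usr/bin/demo\n"
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_LEGACY[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "0060b000-0060c000 rwxp 0000b000 08:01 131 /usr/bin/demo\n"
    "7ffc1a2b3000-7ffc1a2d4000 rwxp 00000000 00:00 0 [stack]\n";

/* Parse "start-end perms offset dev inode [name]"; returns 1 if well-formed.
   A name containing spaces is cut at the first space. */
int parse_maps_line(const char *line, struct region *r)
{
    r->name[0] = '\0';
    int n = sscanf(line, "%llx-%llx %4s %*s %*s %*s %63s",
                   &r->start, &r->end, r->perms, r->name);
    return n >= 3 && strlen(r->perms) == 4 && r->start < r->end;
}

/* Returns the number of regions that are writable AND executable;
   *stack_exec is set to 1 if the [stack] region carries the x bit. */
int audit_maps(const char *text, int *stack_exec)
{
    int wx = 0;
    *stack_exec = 0;
    while (*text) {
        char line[256];
        struct region r;
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        if (parse_maps_line(line, &r)) {
            if (r.perms[1] == 'w' && r.perms[2] == 'x') wx++;
            if (strcmp(r.name, "[stack]") == 0 && r.perms[2] == 'x') *stack_exec = 1;
        }
        text += len;
        if (*text == '\n') text++;
    }
    return wx;
}

int main(void)
{
    int se, wx = audit_maps(SAMPLE_LEGACY, &se);
    printf("legacy: %d W+X regions, stack executable: %d\n", wx, se);
    return 0;
}
```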