Date: Fri, 26 Jun 1998 13:16:24 -0400 (EDT)
From: jtb <jtb@pubnix.org>
To: Wojciech Sobczuk <sopel@hood.1lo.lublin.pl>
Cc: fpscha@schapachnik.com.ar, Niall Smart <njs3@doc.ic.ac.uk>, ncb05@uow.edu.au, security@FreeBSD.ORG
Subject: Re: non-executable stack?
Message-ID: <Pine.SOL.3.96.980626131059.442A-100000@pubnix.org>
In-Reply-To: <Pine.BSF.3.96.980626173858.17960A-100000@hood.1lo.lublin.pl>

Actually, Brian Matthews brought this idea up to me last fall, and the more I've been thinking about it lately, why not just deny a handful of ctrl-char's that a buffer overflow needs, i.e. 0x90, 0xff, etc. I'd have to say there is a minimal number of ctrl-char's we can disallow to stop your average script kiddie from sending shellcode into a process via cmdline or environment arguments. This method won't really protect against attacks involving sscanf()'ing data from files ala the Vixie Cron bug for RH 4.x, but security will definitely be improved with minimal losses functionality-wise.

Let me know what you guys think. All replies are welcomed, critical or not.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jonathan T. Bowie
ADM w00w00 WSD
jobe@sekurity.org  jtb@pubnix.org  jobe@dataforce.net
Independent Security Developer
Home: (603)436-5698
Cell: (603)553-6697
"I'd hate to advocate drugs, sex, alcohol, or violence... to any one, but they've worked for me." -- Hunter S. Thompson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

On Fri, 26 Jun 1998, Wojciech Sobczuk wrote:

> On Thu, 25 Jun 1998, Fernando P. Schapachnik wrote:
>
> > In a previous message Niall Smart wrote:
> > > be to only turn it on for set[ug]id executables. There are a number
> > > of other "features" like this that would be useful, for example the
> > > ability to specify that only printable ascii characters can appear in
> > > the arguments or environment of a process before it can exec another.
> >
> > Don't forget about "international" users. We consider strings like
> > "compañía" perfectly valid ;-)
> >
> > Regards!
> >
> > Fernando P. Schapachnik
> > fpscha@schapachnik.com.ar
> >
>
> hmm.. i always thought that '$' and '!' ARE printable characters..
> check out `man 3 isprint`
>
> wojtek
>
> - Wojtek Sobczuk aka sopel (a franc-tireur) -
> - sopel@hood.1lo.lublin.pl || wojtek@gaja.ipan.lublin.pl -
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96.980626131059.442A-100000>
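
The two filters discussed in this thread, side by side, as an added C example that is not code from any poster or from FreeBSD: a denylist of the two bytes the message names (0x90, 0xff) and a printable-ASCII-only allowlist, run over an argv/envp-style vector. The function names and the sample environment are constructed for illustration; the sample shows the ISO 8859-1 string from the "international users" objection passing the denylist but failing the allowlist.

```c
#include <stddef.h>
#include <stdio.h>

/* Denylist policy: only the two bytes named in the message above.
   The message's "etc." is left unfilled (assumption: nothing else denied). */
static const unsigned char DENY[] = { 0x90, 0xff };

/* Index of the first denied byte in s, or -1 if s passes. */
int first_denied(const char *s)
{
    for (size_t i = 0; s[i] != '\0'; i++)
        for (size_t j = 0; j < sizeof DENY; j++)
            if ((unsigned char)s[i] == DENY[j])
                return (int)i;
    return -1;
}

/* Allowlist policy: printable ASCII only (0x20..0x7e), locale-independent.
   Index of the first byte outside that range, or -1 if s passes. */
int first_nonprintable(const char *s)
{
    for (size_t i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c < 0x20 || c > 0x7e)
            return (int)i;
    }
    return -1;
}

/* Apply a policy to a NULL-terminated vector (argv or envp layout);
   returns how many strings the policy rejects. */
int count_rejected(char *const vec[], int (*policy)(const char *))
{
    int n = 0;
    for (size_t i = 0; vec[i] != NULL; i++)
        if (policy(vec[i]) >= 0)
            n++;
    return n;
}

/* Constructed sample environment, not taken from the thread. */
static char *const SAMPLE_ENV[] = {
    "HOME=/home/user",
    "ORG=compa\xf1\xed" "a",   /* "compañía" encoded as ISO 8859-1 */
    "PAD=\x90\x90\x90\x90",    /* run of 0x90 bytes */
    "TERM=vt100\t",            /* trailing tab (a control character) */
    NULL
};

int main(void)
{
    printf("denylist rejects %d, printable-only rejects %d\n",
           count_rejected(SAMPLE_ENV, first_denied),
           count_rejected(SAMPLE_ENV, first_nonprintable));
    return 0;
}
```
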