mailing list archives
Re: Fix for HP-UX automountd/autofs exploit (fwd)
From: lamont () SECURITY HP COM (LaMont Jones)
Date: Fri, 31 Dec 1999 07:45:17 -0700
HP is adding/has added executable stack protection to HP-UX 11, and it
is quite nice as it is implemented on a per binary basis. Just look at
the man page for chatr(1) on a recently patched HP-UX 11 system. I
don't know if all the bits required for this to work are operational
yet, but I remember hearing that the next release of HP-UX 11 (due next
spring I believe) includes "buffer overflow protection". Not that this
would help the automountd hole but most of the holes nowadays are buffer
overflows so it'll be nice that we'll be able to make them pretty much a
thing of the past on HP-UX soon enough, and without the annoying
tradeoffs that the Solaris/Linux style global kernel tunable require.
The only sad thing is that for "compatibility", the default is the old,
arguably broken, behavior.
When you see the tunable 'executable_stack' show up in
/usr/conf/master.d/core-hpux, you'll want to set it to 0, which tells
it to use the bit in the binary to permit/deny stack promotion. That
should eventually become the default (I hope).
Of course, this is not an official statement, things can (and do) change,
your mileage may vary, etc, etc...
CERT Advisory CA-99-17 Denial-of-Service Tools Aleph One (Dec 29)
Re: majordomo local exploit Christopher X. Candreva (Dec 29)
The "Mac DoS Attack," a Scheme for Blocking Internet Connections John Copeland (Dec 29)
Re: majordomo local exploit Olaf Kirch (Dec 29)
Re: majordomo local exploit Spidey (Dec 29)