Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Buffer overflow prevention
From: "Matt D. Harris" <vesper () depraved org>
Date: Thu, 14 Aug 2003 17:49:18 -0400

Theo de Raadt wrote:
Solaris 2.6 and above also support a kernel variable which can be set via /etc/system called "noexec_user_stack", which can make the stack for userland processes non-executable by default. Note that this behavior is the default for 64-bit binaries in Solaris 7, 8, and 9, and this kernel variable forces the behavior for 32-bit binaries. I run all sorts of odd software and have never had an issue with having this always turned on for all of my systems.


You just don't get it, do you?  Are you even reading what people are
saying?  Protecting just the stack is basically useless.  99.9% of
exploits that use the stack can be rewritten to NOT use the stack!

But W^X protects THE ENTIRE ADDRESS SPACE.


That's fine. I'm not pointing out this functionality as some sort of be-all-end-all fix for everything. I'm simply pointing out a function that a system provides that people may find useful. And how many script kiddies are resourceful enough to re-write an exploit to *not* use the stack? The fact is, simply preventing the stack isn't perfect. But it's not entirely worthless, either. To call anything that does something useful entirely worthless is just downright silly. In today's day and age, one should do everything possible to protect themselves, whether it's going to be effective 1% of the time of 99% of the time. So, when are you releasing the Solaris kernel module to support the W^X stuff? Someone who's so married to a specific bit of defense would certainly want to release it to as many potential users as possible, whether they use OpenBSD or not, right? :-)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault