mailing list archives
Re: Buffer overflow prevention
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 15 Aug 2003 11:48:14 -0700
Shaun Clowes wrote:
Exactly: trivial changes will protect you from script kiddies.
Non-bypassability is required to protect you from determined attackers.
It depends on your threat model: how much will a penetration event cost
you? What is it worth to someone to hack you?
Perhaps I'm the only one who feels this way, but I believe that the vast
majority of the exploitation of systems is being performed by people
with no knowledge of how to write an exploit and that the vast majority
of exploits are fragile. Doing anything that makes you different from
every other installation of Linux/HPUX/Solaris/InsertOSHere will
drastically decrease the changes of any point and click exploit working
Could a determined (and knowledgable) attacker still get through? Sure.
But if we're talking protections that take very little effort to
implement, have a minor performance impact and will save your
skin some of the time, it's obvious that it's worth deploying them. As
long as you're not kidding yourself that you're then totally secure.
But if you taste better (you are a bank and he is a basement RH box)
then the lion may choose to chase you anyway.
Its kind of reminiscent of that old joke about the two guys running away
from the lion. You don't have to beat the lion, just the other person.
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
Re: Buffer overflow prevention Thomas Sjögren (Aug 14)
Re: Buffer overflow prevention Shaun Clowes (Aug 15)
Heterogeneity as a form of obscurity, and its usefulness Bob Rogers (Aug 22)
Re: Heterogeneity as a form of obscurity, and its usefulness Crispin Cowan (Aug 22)
Re: Heterogeneity as a form of obscurity, and its usefulness Nicholas Weaver (Aug 22)
Re: [Full-Disclosure] Re: Buffer overflow prevention KF (Aug 15)
RE: Buffer overflow prevention Brian Glover (Aug 14)
- Re: Buffer overflow prevention, (continued)