Penetration Testing: Re: [PEN-TEST] Crusoe chip.

From: Robert van der Meulen <rvdm_at_CISTRON.NL>
Date: Wed, 8 Nov 2000 12:35:44 +0100

Quoting Craig Anderson (craig_at_XTIME.COM):
> > Why would you want to detect it, when you can disable the execution flag
> > on the segments where you don't want it (bss/stack, etc) ? Afaik if
> > you're mucking around in the software-x86 emulation anyways, it's better
> > to fix stuff than to only detect it :)
> Disabling execution on the Heap/BSS doesn't solve everything. You don't
> need to 'execute' anything to be malicious, although the ability to
> execute arbitrary code is still very useful for all malicious intents
> and purposes.
I agree.

> Why would you want to detect such activities? Why not? It is always
> useful to see the myriad of attacks being performed on your resources as
> long as it's not too costly in nature.
Detecting is fine, but my point was (again: I'm not an x-86-expert), if you
can _fix_ it, then there is no need detecting it, as it can't happen.
I acknowledge that disabling execution is not the solution against malicious
intents.
Writing solid code is of course the solution.
My (mostly theoretical) point was, that if you would be able to patch the
crusoe x86 emulation code to detect execution in areas where you don't want
it, disabling it would be better.
I'm not trying to find a solution here, but I don't see the point in
trying to detect something when you can disable it ;)

Non-executable stacks/bss etc will not solve the problem. Probably nothing
will solve the problem except for programmers that are 100% perfect, and who
don't make mistakes that allow malicious actions to take place with their
software :).
(of course except for the mythical source-code scanning AI that finds all
security-wise bad spots and fixes them automatically (*ahem*) ).

Greets,
        Robert

--
|      rvdm_at_cistron.nl - Cistron Internet Services - www.cistron.nl        |
|          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
|         My statements are mine, and not necessarily cistron's.           |
                   "God is big, so don't fuck with him."
Received on Nov 09 2000