Contributed by jose on from the smash-and-spolit dept.
"As theo announced on misc@, non-executable stack support is available in the most recent snapshots for most platforms. In other words, say goodbye to the vast majority of buffer overflow attacks against OpenBSD machines :-)"
The text of the message is here:
To: misc@openbsd.org
Subject: non-exec stack
From: Theo de Raadt
Date: Tue, 23 Jul 2002 20:44:32 -0600

non-executable stacks can now be found on the following architectures: i386 sparc sparc64 alpha macppc and also on the hppa, which is not a real release yet. the snapshots that are up contain this code.

Note that none of the other non-exec stacks out there (Solaris, OpenWall, Pax, etc) are immune to all problems, but this does raise the bar for attackers.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
So... I'm still working on coding some of the daemons in Java (particularly BIND and SSH). BIND is almost done....
C gives programmers an unlimited supply of rope to hang themselves with. As we can see, even the world's most security-conscious programmers (ie, the OpenBSD team) still make memory safety mistakes sometimes. With Java you would have to work very hard to make a memory safety mistake. It's nearly impossible.
There are still other mistakes you can make, but again, Java has features that make these mistakes more difficult.
Comments
By Anonymous Coward () on
By jose () on http://www.monkey.org/~jose/
C is still the language of choice for hardcore OS development. you're right that the standard C library is a lot of rope to easily hang yourself. as such, i suggest you come back to the world of C and play with cyclone, a typesafe C dialect. you can learn a lot from it.
Comments
By Anonymous Coward () on
Comments
By W () on
By Anonymous Coward () on
Java is not designed for OS development. Good luck with your Java kernel. I can imagine the blazing speed already.
Comments
By Peter Schuller () peter.schuller@infidyne.com on mailto:peter.schuller@infidyne.com
First of all, you cannot have objects "pointing" to other objects. You can have *references*.
Even so, you cannot have a reference declared to refer to a Vector actually refer to a Hashtable because attempting to perform such an assignment will result in a ClassCastException (or a compile time error if you forget to cast).
As for keeping track of which reference points to which - you have that problem in ANY language that allows you to manipulate data. It's no more difficult than any other form of variable; and *certainly* not more difficult than pointers in C...
If you're having trouble with *that* you either don't know Java or don't know fundamental principles of programming.
By Marwan Burelle () mb@feanor.org on mailto:mb@feanor.org
There's a lot of other languages that can be used for safe programming without the performance cost of Java's model. In fact, with a good strongly typed functional language, almost all memory problems are solved. This is because strong typing ensures correct execution (the famous Curry-Howard isomorphism between typing and proof) seen as existence of fix point in functional languages.
For example, it is impossible to make overflows and other segfaults (or runtime errors) with OCaml code.
The reason to use such a language and not Java is that it is proved to work and it can be compiled to native binaries without losing its property. Native compilation of OCaml gives good performance, nearly the same as C code.
In fact the main problem is not only the language used to code, but the incredible mass of code that does the same thing (with different programming styles...) and that must be audited individually. A better approach is to write good libraries (that have to be verified one time) that give high level functions to be used with safe programming languages.
By Anonymous Coward () on
There are more than TWO computer languages!! C rocks and I'm all for keeping bind and ssh in C but I hate to see this two sided debate when it should have several more suggestions.
Take this case study for example on the cost/error ratios with c versus ada.
http://www.adaic.com/whyada/ada-vs-c/cada_art.html
By Anonymous Coward () on
There are more than TWO computer languages!! C rocks and I'm all for keeping bind and ssh in C but I hate to see this two sided debate when it should have several more suggestions.
Take this case study for example on the cost/error ratios with c versus ada.
http://www.adaic.com/whyada/ada-vs-c/cada_art.html
Comments
By Anonymous Coward () on
that explains the double post - you're used to redundancy ;-)
Comments
By Anonymous Coward () on
By George () on
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By Igor M Podlesny () on www.morning.ru/~poige
By Anonymous Coward () on
snapshot before I upgrade? I have read I had to do this on some other platform, but I am on i386 here.
Comments
By Peter Hessler () spambox@theapt.org on http://www.sfobug.org
By Peter Valchev () pvalchev@openbsd.org on mailto:pvalchev@openbsd.org
By Anonymous Coward () on
Is this to be read that the OpenBSD-non-exec stack is immune to all problems, or should it really be "Note that none of the other non-exec stacks out there (Solaris, OpenWall, StackGuard, etc) are immune to all problems either, but this does raise the bar for attackers."
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By jose () on http://www.monkey.org/~jose/
don't forget that plenty of exploits are not buffer overflows but stupid things like configuration bugs. systrace is a great tool to use in conjunction here with the non-exec stack.
Comments
By none () on
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
once you leave your homophobe lair, you'll realize most of the rest of the world has caught up and could care less if someone is gay.
Comments
By Anonymous Coward () on
huh? where is this world that doesn't care?
Comments
By Not Really Anonymous () on
Comments
By W () on
Comments
By Anonymous Coward () on
Comments
By W () on
I would not call myself homophobic. I do not call them 'fags' and use other insults and I treat them as everyone else.
It's nothing wrong with the homosexual, it's his homosexuality there's something severely wrong with.
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
By Sarah () on
If anyone can think of an easy way to, given a read-only text and non-executable stack, change execution to whatever they want, maybe I'll think my comment over.
Just to clarify, can someone tell me if this affects both kernel and user stack?
By RC () on
Or, maybe they've just finally come to their senses that there will never be secure software, and started implementing things like this.
Hey, I'm still waiting to see them implement my suggestion for giving each user their own /tmp folder (to prevent race conditions). And still waiting for TCP/UDP port ACLs (yes, there is a patch that worked with an old snapshot). Port ACLs would allow everything (except SSH) to be run as a user, not Root.
Comments
By Anonymous Coward () on
??? You obviously don't know what you're talking about...
By skull () a on a
and there are other areas where obsd can be improved. so perhaps people could just create their own distributions of obsd just like all the crazy linux distros.
By W () on
> to be run as a user, not Root.
Why don't you put
rdr on if proto tcp from any to any port 80 -> 1.2.3.4 port 8080
in /etc/nat.conf?
Comments
By W () on
in /etc/nat.conf and configure your software to listen to another port?, that is.
By michael anuzis () on http://www.anuzisnetworking.com
better example would have been ssh, but now with priv sep it's not quite so relevant anymore.
Comments
By W () on
Comments
By jolan () on
Comments
By W () on
By Anonymous Coward () on
stop waiting, start coding.
allow everything (except SSH)
or anything else requiring authentication. and there are already methods to deal w/ this (port redirection, though it's prone to error (race condition))
Comments
By W () on
> redirection, though it's prone to error (race
> condition))
Could you explain the "prone to error, race condition" part? Thank you! :-)
Comments
By Anonymous Coward () on
let's say you redirect 8000 to 80 and run apache on port 8000. if apache dies or you restart it, there will exist a period of time while apache is down that a local user may run a version of apache on that port.
not likely to happen, but possible.
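The window described in the comment above can be watched for from the host: check that whatever is listening on the unprivileged port belongs to the service account, and treat "nobody listening" as the open window. This is an added example, not part of the original thread; it assumes the Linux /proc/net/tcp table layout (OpenBSD has no such file, so the same data would have to come from another source there), and the sample rows, port 8000 and uid 67 are constructed.

```python
# Added example: who owns the listener on the redirect target port?
LISTEN = "0A"  # state code for LISTEN in Linux /proc/net/tcp

# Constructed sample rows in /proc/net/tcp layout. Port 8000 is 0x1F40 and is
# held by uid 1001; the assumed web-server account in this example is uid 67.
FOREIGN = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 22222 1
   2: 0100007F:1F40 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 33333 1
"""
HEALTHY = FOREIGN.replace(" 1001 ", " 67 ")  # same table, service account owns 8000


def listeners(table):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8 or f[3] != LISTEN:         # ignore established etc.
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        yield port, int(f[7])                    # field 7 is the owning uid


def check_port(table, port, expected_uid):
    """Return 'ok', 'down' (nobody listening, so the port is up for grabs)
    or 'foreign' (an account other than the service holds the port)."""
    owners = {uid for p, uid in listeners(table) if p == port}
    if not owners:
        return "down"
    return "ok" if owners == {expected_uid} else "foreign"


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("foreign", FOREIGN)):
        print(name, check_port(table, 8000, 67))
    print("port 8080", check_port(FOREIGN, 8080, 67))
```

On a live Linux host the table would be the contents of /proc/net/tcp (and /proc/net/tcp6 for IPv6 listeners).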
Comments
By W () on
By Anonymous Coward () on
By jose () on http://www.monkey.org/
By Lamont Granquist () lamont@scriptkiddie.org on http://www.scriptkiddie.org/
On the sparc64 and alpha architectures this is a welcome improvement. In those architectures function calls pass their values in registers and that makes exploiting non-exec stacks much more difficult.
Comments
By Anonymous Coward () on
Comments
By ChatLog.txt () on
*** THIS IS AN AUTOMATED MESSAGE ***
IT HAS COME TO THE ATTENTION OF NETWORK MAINT. STAFF THAT YOUR ACCOUNT IS INCLEDED IN A SMALL TARGET AUDIENCE OF ACCOUNT OWNERS WHOS AUTHORIZATION INFORMATION MAY HAVE BEEN COMPRIMISED. PLEASE VERIFY OWNERSHIP OF THIS ACCOUNT WITH YOUR USERNAME AND PASSWORD
THANK YOU FOR YOUR COOPERATION IN THIS MATTER YOU HAVE 45 SECONDS TO VERIFY BEFORE ACCOUNT DELETION & REINITIALIZATION.
PopRoachKid17 : dud fuck off fagot
SystemAdmin342 :
*** THIS IS AN AUTOMATED MESSAGE ***
IT HAS COME TO THE ATTENTION OF NETWORK MAINT. STAFF THAT YOUR ACCOUNT IS INCLEDED IN A SMALL TARGET AUDIENCE OF ACCOUNT OWNERS WHOS AUTHORIZATION INFORMATION MAY HAVE BEEN COMPRIMISED. PLEASE VERIFY OWNERSHIP OF THIS ACCOUNT WITH YOUR USERNAME AND PASSWORD
THANK YOU FOR YOUR COOPERATION IN THIS MATTER YOU HAVE 30 SECONDS TO VERIFY BEFORE ACCOUNT DELETION & REINITIALIZATION.
PopRoachKid17 : lisen fuckeing queer stop being gay leave me aloen
SystemAdmin342 :
*** THIS IS AN AUTOMATED MESSAGE ***
IT HAS COME TO THE ATTENTION OF NETWORK MAINT. STAFF THAT YOUR ACCOUNT IS INCLEDED IN A SMALL TARGET AUDIENCE OF ACCOUNT OWNERS WHOS AUTHORIZATION INFORMATION MAY HAVE BEEN COMPRIMISED. PLEASE VERIFY OWNERSHIP OF THIS ACCOUNT WITH YOUR USERNAME AND PASSWORD
THANK YOU FOR YOUR COOPERATION IN THIS MATTER YOU HAVE 15 SECONDS TO VERIFY BEFORE ACCOUNT DELETION & REINITIALIZATION.
PopRoachKid17 : dude okay jesus it's PopRoachKid17/marlbrlsmkr
By I Too, just learned about security () newbie@aol.com on mailto:newbie@aol.com
HAHA. Riiite. Why don't you go back to your Fortune magazine article where you read up on security theory and leave this thread alone.
Comments
By Anonymous Coward () on
By Sergey Smitienko () hunter@dg.net.ua on www.sergey-smitienko.com.ua