Re: two things

Albert D. Cahalan (
Thu, 18 Dec 1997 15:56:12 -0500 (EST)

C. Scott Ananian writes:
> On 18 Dec 1997, Benny Amorsen wrote:
>>> C Scott Ananian <> writes:
>>> My understanding is that the current nonexec-stack patch works so
>>> well because it cleverly disables itself when it detects code
>>> that will break. Although this does make it compatible, it
>>> doesn't make it secure. Solutions to these problems have been
>>> rumoured for Linux 2.3.X.
>> We should not fix the problem in the case where it _can_ be solved,
>> just because there are cases where it cannot?
> If it is trivial to disable the patch, it doesn't make anything
> really more secure now, does it? And it lulls one into a false
> sense of security.

Yep, PGP isn't secure either because somebody could guess...
Oh, please! It is _far_ from trivial to get past the patch.
In addition to great skill, an attacker would need great luck.
I wouldn't worry about Linus Torvalds spending years...

The trampoline detection is _not_ a massive hole. Gcc trampolines
are hard for an attacker to produce, in part because the registers
need to be set up right. You can't jump into libc system() either
because the patch maps libc with a '\0' in the address.

The attacker can't try until success, since attempts get logged.
You can have syslogd page you.

> Besides: no one is saying you can't patch your own kernels. But the
> official linux kernel distribution is concerned (rightly) with doing
> things the Right Way, even if it takes a bit longer to get it done.

Actually, this _is_ the Right Way. In theory, the Right Way is
to fix all the applications. Ha, ha, ha! Good luck dude. :-)
You don't even have source to everything, so get that hex editor...

You aren't paranoid enough if you discard imperfect solutions.
This is an imperfect world. I have a whole collection of hacks
that could improve security, most of which break things. It is
harder to write exploit code if argv[n] must be printable ASCII.
People in Europe might scream, but it would be useful here.
(they could still ban at least 65 non-native language characters)
Sick hacks:

The stack exec patch is without side effects. The /tmp link patch
is nearly without side effects -- and the programs that break are
ones that _should_ break. Both patches appear legal for Unix98.