Re: again security proposal

linux kernel account (linker@nightshade.z.ml.org)
Thu, 1 Jan 1998 12:50:15 -0500 (EST)


On Thu, 1 Jan 1998, Martin von Loewis wrote:

> > I happen to find this extreme conservatism disturbing. Solaris has
> > beaten Linux to the stack-exec fix, even though the Linux patch was
> > available long ago! I'd say they took the Linux idea and just used it.
> > Innovation must die, right? This is sick.
>
> I still believe that true innovation succeeds in the Linux world. It
> is only that there is no true innovation in that particular patch.

Bullshit, that patch was Quite Brilliant! The neato trickery to enable
stacks for signals and tramps! Quite cool!

The issue people debate (now that they understand the patch) is not its
innovation; they debate whether it's the right way to solve the exploit
problem.

As far as bins that are included with the system go: this patch buys you
some safety between the time crackers find out about a hole and when you get
the CERT announcement and can fix the problem.

In a situation like that it's somewhat similar to increasing the wait
queue for incoming connections to prevent SYN floods. It's better than
nothing, and it has little cost (for most systems).

There are two other possible situations: Custom software, and ignorant
admins.

Custom software should be written to prevent overflows. However, mistakes
happen, even when the intention is to create a suid app. Even if the app
isn't suid, an overflow can cause problems: think CGI allowing people to
access private data that .htaccess would normally protect. With such
software there will never be a CERT announcement, and as long as it works,
the code will not be reviewed. The no-exec stack is the only available defence.

Ignorant admins will hopefully learn better. But being attacked will not
teach them. A cracker could get in, change bins (would an ignorant admin
run tripwire? correctly?), and possibly even fix the holes in the system.
The admin might never know. If the patch stuck some fun messages into the
syslog, however, the admin might be encouraged to read up about the stack
thing and fix his bins and such. Here the nonexec stack patch is a
critical bandaid to keep them 'alive' while they learn. Since linux is a
free OS there are a lot of unix-clueless people running it.

Would anyone here advocate that mothers should not watch their children
because 'children who are foolish enough to run into the road deserve it'?

If someone is foolish enough to get a false sense of security from this
patch then they would never fix the problems in the first place. At least
this would make that group aware of the potential problems.

> As for Solaris copying the idea: They actually make the mistake which we
> could avoid so far. They have dozens of s-bit programs that are known
> to support stack-exec exploits. Are they fixing those? No. Instead,
> they offer a supposed catch-all solution, and now wait for somebody to
> find the remaining back door. I'm pretty sure there still is one.
>
> Regards,
> Martin

If they are leaving bugs in their distribution then they are morons.
Even if it isn't a security hole anymore, a user should not be able to
crash something by overflowing a buffer.

Even with the protection, if sendmail has an overflow and a remote user
uses it, it will crash sendmail. Much better than a system compromise,
but no one wants to go without mail.

If no-exec is to become part of the linux kernel, any distributor who
refrains from fixing a bin because 'fixing is not needed with noexecstack'
should be shot!
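The overflow the mail keeps returning to (a suid binary or CGI copying input into a fixed stack buffer with no bound), as an added C example that is not from the original post or from the patch under discussion: the unbounded copy beside the bounded one. The names handle_param_unsafe, handle_param_safe, probe_safe and PARAM_MAX are assumptions of this example, and the sample inputs are constructed. It makes the mail's point concrete: a non-executable stack only changes what happens when the overflow is triggered (a crash instead of a compromise); the length check is what removes the bug.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PARAM_MAX 64   /* hypothetical size of the parameter buffer */

/* Vulnerable form: unbounded copy of attacker-controlled input into a
 * fixed-size stack buffer. Input longer than PARAM_MAX overruns buf and
 * overwrites what lies above it on the stack, including the saved return
 * address. With an executable stack the attacker can point that address
 * back into the input and run it; with a non-executable stack the same
 * input usually just crashes the process. Either way the bug is still there. */
int handle_param_unsafe(const char *query)
{
    char buf[PARAM_MAX];
    strcpy(buf, query);              /* no length check at all */
    return (int)strlen(buf);
}

/* Hardened form: measure first, refuse what does not fit, and copy with an
 * explicit length. Returns the parameter length on success and -1 on
 * rejection, so the caller can fail the request instead of silently
 * truncating it. */
int handle_param_safe(const char *query)
{
    char buf[PARAM_MAX];
    size_t len = strlen(query);
    if (len >= sizeof buf)
        return -1;                   /* would not fit with its NUL terminator */
    memcpy(buf, query, len + 1);
    return (int)len;
}

/* Builds a constructed query of n bytes of 'A' (the classic overflow filler)
 * and feeds it to the hardened handler, to probe the boundary. */
int probe_safe(size_t n)
{
    char *q = malloc(n + 1);
    int rc;
    if (q == NULL)
        return -2;
    memset(q, 'A', n);
    q[n] = '\0';
    rc = handle_param_safe(q);
    free(q);
    return rc;
}

int main(void)
{
    /* Constructed sample input, not real traffic. */
    const char *normal = "user=alice";

    printf("unsafe, normal input: %d\n", handle_param_unsafe(normal));
    printf("safe,   normal input: %d\n", handle_param_safe(normal));
    printf("safe,   63 bytes:     %d\n", probe_safe(63));
    printf("safe,   64 bytes:     %d (rejected)\n", probe_safe(64));
    printf("safe,   200 bytes:    %d (rejected)\n", probe_safe(200));
    /* handle_param_unsafe with 200 'A's is deliberately not called: that is
     * the overflow itself, and its outcome is undefined behaviour. */
    return 0;
}
```

Both handlers behave identically on input that fits; the difference only shows at the boundary, which is exactly where a remote user aiming at sendmail or a CGI sends its data. The hardened version returns -1 at 64 bytes because the terminator must fit too, an off-by-one that unbounded or "PARAM_MAX - 1"-style copies commonly get wrong.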