Re: 3.0 wishlist Was: Overview of 2.2.x goals?

ak@muc.de
Thu, 22 Jan 1998 13:11:47 +0100


On Thu, Jan 22, 1998 at 12:46:38PM +0100, Richard Gooch wrote:
> Andi Kleen writes:
> > Dan Hollis <goemon@sasami.anime.net> writes:
> >
> > > > * Anti-exec-stack option
> > >
> > > We *really* need this. Doesn't Solaris already have it?
> >
> > This will only stop current cut'n'paste exploits. When Linux has it as
> > standard, exploit writers will quickly adapt to it (as shown numerous times),
> > and you have the same situation.
>
> I keep hearing these kinds of absolutist arguments "it doesn't fix
> 100% of cases, therefore it's no use", and it's really silly. The
> point is not whether it is 100% effective, but whether it provides an
> *improvement* in security. This patch apparently costs nothing in
> functionality, so it has no side-effects. What's the problem?

It has side effects. It needs an ugly special case to detect legitimate
uses of stack code (e.g. gcc trampolines), which may fail with more
obscure compilers or interpreters that do this. My point actually was
only that the security improvement of this change is not as high as many
think.

> This is an imperfect world, and rejecting something because it isn't
> perfect doesn't help. It won't *force* applications to be more
> careful, which is what some may hope for.

That is irrelevant, because it needs only a slight adaption by the
exploit writers.

>
> "The point of locks on your house is not to stop burglars, but to make
> it harder for them so that they try the next house down the street".

"Using antibiotics carelessly harms more in the long run, because the
bacteria become immune, so it won't work when you really need it"
(OK, not 100% accurate)

-A.