Bugtraq mailing list archives

Re: NT RPC Hotfix


From: dsiebert () icaen uiowa edu (dsiebert () icaen uiowa edu)
Date: Thu, 23 Jan 1997 22:30:09 -0600



   Microsoft just released a hotfix for the RPC vulnerability:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP2/RPC-fix

  Their quick turn around time leaves to shame Unix vendors that take
weeks or months to provide a patch. Oh well.



What about all the real security problems in Win95 and NT they haven't fixed,
some of which I've seen posted here.  Please don't ask me for a list, I don't
have to actively support MS stuff, luckily, so I don't pay a lot of attention,
I just follow these growing lists with amusement remembering all the people
who used to claim NT was more secure than Unix because it had a shorter bug
list -- it just had fewer hackers banging on it but that is starting to
change...  MS probably just did this one quickly because it turned out it was
easy to fix.  And whoever they got inside MS when they called in this problem
actually cared about fixing it.  I find people like that in Unix vendors too
once in a while.  Too bad you can't just direct all problems you find to the
people you know who really care.

I've seen the discussion about making the stack non executable on x86 Unixes,
but what about others, like HP-UX and so on?  I know PA-RISC has a separate
execute bit that can be assigned to a page, it sure would be nice to make the
pages in the data quadrant (where the stack also lives) non executable.  Is
there a reason anyone knows about why they don't do this?  The shared libraries
live in quadrant 3 (and sometimes 4).  It might not provide a solution for all
the executable types, but the normal executables that are used in 99.999% of
programs (including, I presume, all the system binaries) would be totally
protected by this change instead of having to fix dozens of binaries one at
a time as problems and attacks are identified.  What I don't get is how you
can have a company like DEC that is smart enough to mark the stack non
executable, but not the data section?  Is that for the benefit of the software
translators?  You'd think they could find a better way, like requiring some
action on the part of the programmer (or different executable type) if they
want to do this, rather than making it the default.  Oh well.

BTW, whatever happened to SoD and their HP bug of the week?  There must be a
lot of stack smashing bugs left in HP-UX (and every other Unix, unfortunately)
I wonder if they are going to claim that HP paid them $2 million or whatever
it was they wanted to shut them up :)

--
Douglas Siebert                Director of Computing Facilities
douglas-siebert () uiowa edu      Division of Mathematical Sciences, U of Iowa

Ack!  My reality check just bounced!!
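
An added example, not part of the original post: a small audit check for the per-page execute permission the message discusses, reporting whether the pages holding a stack variable, a data-section variable, a heap block and program code are executable. It assumes a Linux system with /proc/self/maps (not HP-UX or Digital Unix), and the names region_perms, writable_and_executable and data_word are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int data_word = 1;              /* lives in the initialized data section */

/* Find the mapping in /proc/self/maps (Linux-specific assumption) that
 * contains addr and copy its permission string, e.g. "rw-p", into perms.
 * Returns 0 on success, -1 if no mapping contains addr. */
int region_perms(const void *addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[1024], p[5];
    unsigned long lo, hi, a = (unsigned long)addr;
    int rc = -1;

    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) == 3 && a >= lo && a < hi) {
            strcpy(perms, p);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the page holding addr is both writable and executable (the state
 * a non-executable stack or data policy removes), 0 if not, -1 if unmapped. */
int writable_and_executable(const void *addr)
{
    char p[5];
    if (region_perms(addr, p) != 0) return -1;
    return p[1] == 'w' && p[2] == 'x';
}

int main(void)
{
    int stack_word = 0;
    void *heap = malloc(16);
    const void *probe[] = { &stack_word, &data_word, heap, (const void *)region_perms };
    const char *name[] = { "stack", "data", "heap", "text" };
    char p[5];

    for (int i = 0; i < 4; i++)
        if (region_perms(probe[i], p) == 0)
            printf("%-5s %s%s\n", name[i], p,
                   writable_and_executable(probe[i]) == 1 ? "  <-- writable and executable" : "");
    free(heap);
    return 0;
}
```

Any line flagged as writable and executable marks a region where injected bytes could run directly; the stack, data and heap rows are the ones the post asks vendors to mark non-executable by default.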


