Bugtraq mailing list archives

Linux patch for blocking buffer overflow based attacks

From: massimo () IAC RM CNR IT (massimo () IAC RM CNR IT)
Date: Fri, 10 Mar 2000 16:10:09 +0100


--------
From

http://www.iac.rm.cnr.it/newweb/tecno/software/indexsoftware.htm

is available a patch to the Linux kernel that  we developed for blocking (most)
buffer overflow based attacks.
Basically we instrument some "critical" systems calls (execve, chmod,...) to
check a database of information provided by the system administrator by means
of a modified chmod command (also included in the software).
A README file explains the installation procedure whereas a paper
(BufOverA.ps.gz), that is submitted to the 9 Usenix Security Symposium,
describes the details of our approach.
We like to stress that this is NOT an alternative to solutions like StackGuard
or ITS4 rather it should be considered an additional protection mechanism.
The code has been tested for several months in our organizations
(Rome University "La Sapienza" and Institute for Computing Applications) and
should be compatible with any kernel >= 2.2.12-20.
For any question, comment, suggestion, send a note to: emgab () tiscalinet it.

Have a nice day,
Massimo

--- Massimo Bernaschi: Istituto Applicazioni del Calcolo ----
|  IAC-CNR                  | e-mail: massimo () iac rm cnr it |
|  V.le del Policlinico 137 | phone: +39 06 88470229        |
|  00161 Roma - ITALY       | fax:   +39 06 4404306         |
-------------------------------------------------------------
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzjE14kAAAEDALqbd8BzUQllZNgJlZZWUAd+ztvVgnHE2cOlPURH3r+OjIus
ndHD2YZa73wI7FljN0EXHhgaxIUqfozjKwLd/Eeo9KHletO3p9XNyicq1Wx6Q3h5
sba4wj6EfYuLyKy33QAFEbQHbWFzc2ltbw==
=rIXA
-----END PGP PUBLIC KEY BLOCK-----

Current thread:

a few bugs ..., (continued)
- - - a few bugs ... Maurycy Prodeus (Mar 13)
    - Re: a few bugs ... Thomas Roessler (Mar 15)
    - Re: a few bugs ... Michal Zalewski (Mar 17)
    - Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty) Bjarni R. Einarsson (Mar 20)
    - Microsoft Security Bulletin (MS00-018 Microsoft Product Security (Mar 20)
    - Re: a few bugs ... Coke (Mar 20)
    - Re: a few bugs ... Daniel Jacobowitz (Mar 20)
    - Re: a few bugs ... Michal Zalewski (Mar 20)
    - DoS with NAVIEG PAUL VanDyke (Mar 17)
    - [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
    - Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
    - ICQ remote DoS Philip Stoev (Mar 10)
  - TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
  - Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
- Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
  - Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Chris Paget (Mar 17)
  - SQL Server Vulnerability details Chip Andrews (Mar 18)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
  - Re: PGP Signatures security BUG! Will Price (Mar 20)
  - Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
    - Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)

(Thread continues...)