Firewall Wizards mailing list archives

Re: Here is my plan for firewall implementation


From: Alfred Huger <ahuger () silence secnet com>
Date: Wed, 24 Sep 1997 10:58:11 -0600 (MDT)


On Tue, 23 Sep 1997, Paul D. Robertson wrote:

On Mon, 22 Sep 1997, Adam Shostack wrote:

Casper Dik has posted a tool to Bugtraq to turn off stack
executability on Sparcs.  It invalidates the standard egg, but there
may be ways around it.  (If a user can overwrite arbitrary memory, he
can probably do arbitrary things.  The 'correct' solution is to

There was one from 'Solar Designer' earlier this year, or late last year 
which did the same thing on Linux/Intel.  If anyone has both pieces of 
code somewhere, as well as some further discussion, I'd appreciate a pointer.


I believe the same author (Solar Designer) also posted an exploit which
overflowed the heap as opposed to the stack. It should be noted that
turning the executable bit on your stack off may deter anklebiters
running standard bugtraq exploits, but it will not stop someone
sufficiently motivated.

While overflows are more than common enough, so are race conditions. Some
operating systems have made a serious attempt at removing tmp file race
conditions by using mkstemp(3) in their code to further randomize file
names. Attacks based on race conditions are still widely exploitable,
particularly (although not exclusively) in BSD derivatives. 

/****************************************************************************
Alfred Huger                                    http://www.secnet.com/ballista
Project Director                                ahuger () secnet com
Secure Networks Inc. (SNI)
*****************************************************************************/
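
The temp-file point in the message above, shown as an added example that is not part of the original post: a predictable name opened without O_EXCL follows a symlink planted beforehand, while O_EXCL and mkstemp(3) do not. The paths and the function names `open_predictable`, `open_unique` and `tmp_race_demo` are constructed for illustration, and everything happens inside a private scratch directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: predictable name, no O_EXCL. open() follows whatever
 * symlink another local user planted at that name beforehand. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* mkstemp(3) fills in the XXXXXX suffix and creates the file with
 * O_CREAT|O_EXCL, so a name that already exists is never reused. */
int open_unique(char *tmpl) {
    return mkstemp(tmpl); /* tmpl is rewritten with the chosen name */
}

/* Write 12 bytes to fd and close it; returns 1 on success. */
static int put(int fd) {
    int ok = fd >= 0 && write(fd, "scratch data", 12) == 12;
    if (fd >= 0) close(fd);
    return ok;
}

/* Constructed scenario inside a private scratch directory. Bitmask result:
 * 1 = write via the predictable name landed in the "victim" file,
 * 2 = an O_EXCL open of that same name was refused with EEXIST,
 * 4 = mkstemp() made a fresh file and the victim stayed empty. */
int tmp_race_demo(void) {
    char dir[] = "/tmp/racedemoXXXXXX", victim[64], lnk[64], tmpl[64];
    struct stat st; int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/app.tmp", dir);     /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));    /* empty target */
    if (symlink(victim, lnk) != 0) return -1;         /* planted first */
    if (put(open_predictable(lnk)) && !stat(victim, &st) && st.st_size == 12) r |= 1;
    fd = open(lnk, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 && errno == EEXIST) r |= 2; else if (fd >= 0) close(fd);
    if (truncate(victim, 0) == 0 && put(open_unique(tmpl))
        && !stat(victim, &st) && st.st_size == 0) r |= 4;
    unlink(tmpl); unlink(lnk); unlink(victim); rmdir(dir);
    return r;
}

int main(void) { printf("result mask: %d\n", tmp_race_demo()); return 0; }
```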


