Firewall Wizards mailing list archives
Re: Here is my plan for firewall implementation
From: Alfred Huger <ahuger () silence secnet com>
Date: Wed, 24 Sep 1997 10:58:11 -0600 (MDT)
On Tue, 23 Sep 1997, Paul D. Robertson wrote:
> On Mon, 22 Sep 1997, Adam Shostack wrote:
>> Casper Dik has posted a tool to Bugtraq to turn off stack executability on Sparcs. It invalidates the standard egg, but there may be ways around it. (If a user can overwrite arbitrary memory, he can probably do arbitrary things. The 'correct' solution is to
>
> There was one from 'Solar Designer' earlier this year, or late last year which did the same thing on Linux/Intel. If anyone has both pieces of code somewhere, as well as some further discussion, I'd appreciate a pointer.
I believe the same author (Solar Designer) also posted an exploit which overflowed the heap as opposed to the stack. It should be noted that turning the executable bit on your stack off may deter anklebiters running standard Bugtraq exploits, but it will not stop someone sufficiently motivated.

While overflows are more than common enough, so are race conditions. Some operating systems have made a serious attempt at removing tmp file race conditions by using mkstemp(3) in their code to further randomize file names. Attacks based on race conditions are still widely exploitable, particularly (although not exclusively) in BSD derivatives.

/****************************************************************************
Alfred Huger                         http://www.secnet.com/ballista
Project Director                     ahuger () secnet com
Secure Networks Inc. (SNI)
*****************************************************************************/
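The tmp file race and the mkstemp(3) remedy mentioned in the message above, as an added example that is not part of the original post: a predictable name opened without O_EXCL is compared with mkstemp(3) inside a private scratch directory. The function names, the `app.tmp` file name and the scratch paths are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (kept for comparison): predictable name, no O_EXCL. If a
 * symlink already sits at `path`, open() follows it and truncates the target. */
int open_tmp_racy(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: mkstemp(3) picks the name and creates the file in one step with
 * O_CREAT|O_EXCL and mode 0600, so an existing path is never reused. */
int open_tmp_safe(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario. Returns a bitmask:
 * bit 0 = racy opener clobbered the victim file through the symlink,
 * bit 1 = mkstemp returned a fresh regular file distinct from the victim. */
int tmp_race_demo(void) {
    char dir[] = "/tmp/tmprace.XXXXXX", victim[64], planted[64], tmpl[64];
    struct stat vs, ts;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;              /* private 0700 scratch dir */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/app.tmp", dir);  /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(victim, planted) != 0) return -1;  /* link exists before open */

    fd = open_tmp_racy(planted);
    if (fd >= 0) close(fd);
    if (stat(victim, &vs) == 0 && vs.st_size == 0) result |= 1;

    fd = open_tmp_safe(tmpl);
    if (fd >= 0 && fstat(fd, &ts) == 0 && S_ISREG(ts.st_mode) &&
        ts.st_ino != vs.st_ino && ts.st_nlink == 1) result |= 2;
    if (fd >= 0) close(fd);

    unlink(tmpl); unlink(planted); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", tmp_race_demo()); return 0; }
```

When auditing code for this class of bug, look for mktemp(3) or fixed names under /tmp followed by open() or fopen() without O_EXCL.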