Full Disclosure mailing list archives
Re: Linux Exec Shield (was: Linux (in)security)
From: Chris Ruvolo <chris+fulldisc () ruvolo net>
Date: Thu, 23 Oct 2003 13:23:33 -0700
On Thu, Oct 23, 2003 at 02:39:08PM +0200, Peter Busser wrote:
> > Speaking about kernel hardening, I was wondering if anyone on the list could comment on Ingo Molnar's Exec Shield Linux kernel patches.
>
> You can find out the facts for yourself by running paxtest. Paxtest can be obtained from the PaX homepage at: http://pageexec.virtualave.net/. The latest version is v0.9.4, which should be available from there soon. In the meantime, you can download it from http://mail.adamantix.org/paxtest-0.9.4.tar.gz.

Peter, thanks for letting me know about this test. Googling for "exec shield paxtest" gives some results for comparison. Indeed, Adamantix's kernel appears less vulnerable. Do you know if any of these protections also apply to non-x86 kernels?

> What I don't like about exec-shield, is that it is based on a few assumptions. One of the assumptions is that stack overflows are only possible with ASCII data (which is what the ASCII-shield refers to). As if memcpy() to a buffer will never cause any overflows.

Yes. But string buffer attacks are more common, no? It's a good first step. That said, if PaX/grsecurity uses the same methods, I'm not sure what the benefit of Ingo's implementation is.

> The effectiveness remains to be seen. In the short term, using something like PaX is certainly effective, as can be seen here:
> http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it
> 37 break ins in a year on normal Linux, 0 on a PaX kernel.

This kind of report makes me nervous. What known remote exploits are there against a Debian Woody box that has all of Debian's security updates?

> On the long term, people will probably find ways around it. But it should raise the bar and make it more difficult for some (but not all) remote exploits.

I hope so. But not local exploits?

Thanks,
-Chris
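An added example, not part of the original message and not code from Exec Shield, PaX or paxtest: it audits lines in `/proc/<pid>/maps` format for writable-and-executable mappings and for executable mappings inside the ASCII-armor range, then shows the limitation raised in the thread, that a string copy stops at the NUL byte in an armored address while `memcpy()` does not. Assumptions: the armor range is taken to be the first 16 MiB of a 32-bit address space, the sample lines and bytes are constructed, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the ASCII-armor range is the first 16 MiB of the address space,
 * so every 32-bit address inside it has 0x00 as its most significant byte. */
#define ARMOR_LIMIT 0x01000000UL

struct region { unsigned long start, end; char perms[5]; };

/* Parse one line in /proc/<pid>/maps format; returns 1 on success, else 0. */
int parse_maps_line(const char *line, struct region *r) {
    return sscanf(line, "%lx-%lx %4s", &r->start, &r->end, r->perms) == 3;
}

/* Writable and executable at once: data written here could also be run. */
int is_wx(const struct region *r) {
    return r->perms[1] == 'w' && r->perms[2] == 'x';
}

/* Executable mapping that lies entirely inside the ASCII-armor range. */
int is_armored(const struct region *r) {
    return r->perms[2] == 'x' && r->end <= ARMOR_LIMIT;
}

/* Bytes a strcpy()-style copy transfers from src: it stops at the first NUL
 * (which it writes as the terminator). memcpy() always transfers all n. */
size_t string_copy_reach(const unsigned char *src, size_t n) {
    const unsigned char *nul = memchr(src, 0, n);
    return nul ? (size_t)(nul - src) + 1 : n;
}

/* Constructed sample lines, not captured from a real system. */
static const char *SAMPLE[] = {
    "00a3f000-00b72000 r-xp 00000000 03:01 1201 /lib/libexample.so",
    "08048000-0804c000 r-xp 00000000 03:01 2302 /bin/example",
    "bfffe000-c0000000 rwxp 00000000 00:00 0",
};

int main(void) {
    /* Constructed: little-endian 0x00a41234 (armored) followed by 4 bytes. */
    const unsigned char data[8] = {0x34, 0x12, 0xa4, 0x00, 0x41, 0x41, 0x41, 0x41};
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++) {
        struct region r;
        if (!parse_maps_line(SAMPLE[i], &r)) continue;
        printf("%08lx-%08lx %s wx=%d armored=%d\n", r.start, r.end, r.perms, is_wx(&r), is_armored(&r));
    }
    printf("string copy: %zu of 8 bytes, memcpy: 8 of 8\n", string_copy_reach(data, 8));
    return 0;
}
```

On a live system the same functions can be fed lines read from `/proc/self/maps` instead of the constructed array.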