Secure Coding mailing list archives

Re: (Shellcode Injection)


From: Crispin Cowan <crispin () immunix com>
Date: Mon, 15 Dec 2003 11:21:48 +0000


ljknews wrote:

>> "May not spawn anything at all" is highly restrictive for most programs. The Immunix OS SubDomain
>> <http://immunix.org/subdomain.html> feature lets you specify the set of programs that a given program may spawn.
>
> I don't have any statistics to argue the "most programs" issue,
> but certainly I know of shops where spawning is never built into
> a program - just due to programming practices and unrelated to
> security.

Alright, I should have said "many" instead of "most". And either "many"
or "most" is not relevant if the situation in front of you is different.

> Another consideration would be the security environment of the program
> under consideration.  There are situations where rights ascribed to that
> running program would _not_ be inherited by a spawned process.  That is
> not the end of discussions about what an attacker might try, of course,
> but many of the hazards associated with escaping from a controlled
> environment are tied up with the notion of inheriting the access rights
> of that controlled environment -- without the controls.

SubDomain lets you control whether the child inherits the parent's
privileges, or runs under its own defined set of privileges.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
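Added example, not part of the original message or of Immunix's own documentation: the two controls discussed above (restricting which programs a confined program may spawn, and choosing whether a child inherits the parent's rights or runs under its own) expressed as a profile. It is written in AppArmor syntax, AppArmor being the later name of SubDomain, so the exact SubDomain-era syntax is assumed to match; the program and file paths are hypothetical placeholders.

```apparmor
# Added example (not from the original thread): AppArmor profile syntax,
# AppArmor being the later form of Immunix SubDomain. All paths below
# are hypothetical placeholders.
#include <tunables/global>

# The confined program. Only the files and exec targets listed here are
# permitted; any other exec attempt is denied and logged by the kernel.
/usr/local/bin/netsvc {
  #include <abstractions/base>

  /etc/netsvc.conf r,
  /var/log/netsvc.log w,

  # 'ix' (inherit): the child runs under THIS profile, so it gets exactly
  # netsvc's rights and no more. The controlled environment stays in force
  # across the spawn, which is the case the thread calls "inheriting the
  # access rights of that controlled environment" together with its controls.
  /usr/local/bin/netsvc-helper ix,

  # 'px' (profile transition): the child runs under its own profile (the
  # one for /usr/local/bin/mailer below). It neither inherits netsvc's
  # rights nor leaves confinement; if no profile exists for the target,
  # the exec is refused rather than run unconfined.
  /usr/local/bin/mailer px,

  # Weak setting, kept commented out for contrast: 'ux' would execute the
  # child with no confinement at all, i.e. the rights of the parent's
  # environment "without the controls". Not something to grant to a
  # network-facing program.
  # /bin/sh ux,
}

# The separate, narrower profile that the 'px' rule above transitions to.
/usr/local/bin/mailer {
  #include <abstractions/base>

  /etc/mailer.conf r,
  /var/spool/mailer/** rw,
}
```

Both profiles are loaded with apparmor_parser (for example `apparmor_parser -r <profile file>`), after which an attempt by netsvc to exec anything other than the two listed targets shows up as a denial in the kernel audit log, which is the detection signal a defender would alert on.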