Secure Coding mailing list archives

Re: (Shellcode Injection)


From: ljknews <ljknews () mac com>
Date: Mon, 15 Dec 2003 11:15:26 +0000

At 4:08 PM -0800 12/14/03, Crispin Cowan wrote:
> ljknews wrote:
>
>> At 12:05 PM -0800 12/13/03, Crispin Cowan wrote:
>>
>>> The malicious code often spawns a shell,
>>
>> External to the defective program, that could be avoided by running
>> the program in a process with insufficient quota to spawn a subprocess
>> (on operating systems that support such).
>
> "May not spawn anything at all" is highly restrictive for most programs. The Immunix OS SubDomain
> <http://immunix.org/subdomain.html> feature lets you specify the set of programs that a given program may spawn.

I don't have any statistics to argue the "most programs" issue,
but certainly I know of shops where spawning is never built into
a program - just due to programming practices and unrelated to
security. 

Another consideration would be the security environment of the program
under consideration.  There are situations where rights ascribed to that
running program would _not_ be inherited by a spawned process.  That is
not the end of discussions about what an attacker might try, of course,
but many of the hazards associated with escaping from a controlled 
environment are tied up with the notion of inheriting the access rights
of that controlled environment -- without the controls.
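
The subprocess-quota idea discussed in this thread, shown as an added example that is not part of the original messages: it assumes a Linux-like system where `RLIMIT_NPROC` serves as the quota (the thread names no specific mechanism), and `spawn_blocked_by_quota` is a hypothetical name. It also assumes an unprivileged account, since Linux does not enforce this limit for root.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in a sacrificial child so the caller's own limits stay untouched.
 * Returns 1 if fork() was refused under the quota, 0 if it still
 * succeeded (limit not enforced for this credential), -1 on setup error. */
int spawn_blocked_by_quota(void)
{
    pid_t worker = fork();
    if (worker < 0)
        return -1;

    if (worker == 0) {                      /* stands in for the confined program */
        struct rlimit none = { 0, 0 };      /* soft = hard = 0 processes */
        if (setrlimit(RLIMIT_NPROC, &none) != 0)
            _exit(2);

        pid_t sub = fork();                 /* the subprocess creation being denied */
        if (sub == 0)
            _exit(0);                       /* grandchild: spawn went through */
        if (sub > 0) {
            waitpid(sub, NULL, 0);
            _exit(1);                       /* quota did not stop the spawn */
        }
        _exit(errno == EAGAIN ? 0 : 2);     /* EAGAIN: refused by the quota */
    }

    int status;
    if (waitpid(worker, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}

int main(void)
{
    int r = spawn_blocked_by_quota();
    printf("fork under RLIMIT_NPROC=0: %s\n",
           r == 1 ? "refused (EAGAIN)" : r == 0 ? "allowed" : "setup error");
    return r < 0;
}
```

Because the hard limit is lowered along with the soft limit, the confined process cannot raise it again without privilege.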
