Gary MacDougall([EMAIL PROTECTED])@2001.12.21 11:59:36 +0000:
> Thanks everyone for the answer.
>
> I was pretty sure that the kernel would be able
> to detect the fault, but I needed to *make* sure
> before i asked another question.
>
> Now heres my next questions and its a security one.
> Based off what was explained by Noah and Kelly,
> it appears to me that Buffer Overruns can be dealt
> with at the kernel level and that there is probably
> a way in the kernel to stop a root exploit during
> a buffer overrun. Why hasn't (or maybe someone has)
> someone come up with a "ring" or security layer that
> protects against root exploits on buffer overruns?
>
> Maybe this is totally stupid question, but I've
> been jumping into security a lot lately, and I noticed
> that most of the exploits (if not all) on Linux/Unix
> are basically buffer overrun. After reading that
> excellent article "Smashing the stack for fun and
> profit", it became pretty clear that there are really
> two issues:
>
> 1. Applications that allow for an overrun
> 2. The kernel allowing for the exec of a shell (ouch!).
>
> Why not simply have a ring in the kernel that one good
> attach the processes too which protected against this?
http://www.openwall.com/linux/
The Openwall patches protect against explointing buffer overruns I
think, they're not available for 2.4 yet though.
--
,-------------------------------------------.
> Name: Alson van der Meulen <
> Personal: [EMAIL PROTECTED] <
> School: [EMAIL PROTECTED] <
`-------------------------------------------'
You might as well all go home early today ...
---------------------------------------------
