DragonFly BSD
DragonFly kernel List (threaded) for 2003-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Anyone protecting the stack?


From: Sander Vesik <sander@xxxxxxxxxxxxxxxxxxx>
Date: 24 Sep 2003 00:57:32 GMT
Cache-post-path: haldjas.folklore.ee!unknown@localhost

Hiten Pandya <hmp@xxxxxxxxxxxxx> wrote:
> Sander Vesik wrote:
> 
> : The obvious way to make this optional is to set a flag in the elf files.
> : Thios will also avoid loading a non-unexecutable-stack-safe shlib into
> : a process that won't have a executable stack.
> 
>        Well, this makes me wonder if you set flags in ELF files, what
>        would happen to files that are going to be emulated; surely,
>        this files would seem to have more of a risk factor.
> 
>        From my point of view, there are too many things that need to
>        be considered and need to be taken into account for adding such
>        a feature to mainstream DragonFly code.

Think of it as a tool - you can make things that are more exposed (on acount
of say being network services etc) like ... ahem! ... say sshd guard their 
stack and thus be harder to compromise and potentially making generic expolits
not work.

> 
>        Although, once I get the ``Patch Page'' up on the website, we
>        can put this work up there, just like how I suggested for the
>        ACPI patchset.  At least this way, it gets exposure, more
>        testing and we don't have to risk unwanted integration into
>        the DragonFly CVS.

Sure - a lot of things can and in cases should be tested out before being
integrated into the tree proper.

> 
>        Regards,
> 

-- 
	Sander

+++ Out of cheese error +++



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]