| 1 |
On Wed, 2004-09-22 at 17:13, John Richard Moser wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA1 |
| 4 |
> |
| 5 |
> |
| 6 |
> |
| 7 |
> Ciaran McCreesh wrote: |
| 8 |
> | On Wed, 22 Sep 2004 11:54:55 -0400 John Richard Moser |
| 9 |
> | <nigelenki@×××××××.net> wrote: |
| 10 |
> |
| 11 |
> [...] |
| 12 |
> |
| 13 |
> | Personally, I don't see the point in an ugly hack which occasionally |
| 14 |
> | sort of protects you from badly written code... |
| 15 |
|
| 16 |
This is the same attitude I'd expect from somebody that would write |
| 17 |
vulnerable code in the first place !@#$%^& |
| 18 |
|
| 19 |
> The option's there for |
| 20 |
> |
| 21 |
> wtf? It's been around for what, 6 years almost? Sure, C doesn't do |
| 22 |
> bounds checking, so this is technically a hack; but it's a very planned |
| 23 |
> out, structured hack with specific goals. Compiler optimizations are |
| 24 |
> more of a hack; they rearrange and change your code around to make it |
| 25 |
> run faster. |
| 26 |
> |
| 27 |
> Your use of 'occasionally' is blatantly misleading. Unless I'm |
| 28 |
> misremembering this, CERT has been getting more and more reports of |
| 29 |
> programs with buffer overflow based vulnerabilities each year. I |
| 30 |
> thought it was up to something like 2000-3000 per year nowadays. Last I |
| 31 |
> looked there were about 170 format string based vulnerabilities. I'm |
| 32 |
> sure there's other types, but aside from good old retarded design (i.e. |
| 33 |
> automatically executing scripts from untrusted sources as root by |
| 34 |
> default), I haven't heard of them. IANASE. |
| 35 |
|
| 36 |
Yes. Our security team has currently done 141 GLSA's this year alone. |
| 37 |
42 of which match the string overflow. |
| 38 |
|
| 39 |
Only 1 of those does not play along with -fstack-protector that I'm |
| 40 |
aware of and that's being worked on currently. |
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
> |
| 45 |
> Vulnerabilities are 'occasionally' found, but of the lot of them, a good |
| 46 |
> chunk is protected from with this. Not all, but a lot. The overhead |
| 47 |
> from this is very minimal; and the proposal was only to implement it in |
| 48 |
> the most vulnerable places. It's usually not obviously visible even if |
| 49 |
> implemented system-wide; at least, not until somebody overflows |
| 50 |
> something and it aborts instead of giving them a shell. |
| 51 |
|
| 52 |
Perhaps even expanding the scope of your original posting to the point |
| 53 |
where we have a blacklist(hall of shame) would be a good idea. |
| 54 |
Maybe something like if the security team has to do a GLSA on a package |
| 55 |
that involves a memory overflow then said package gets fstack for the |
| 56 |
duration of it's lifetime at gentoo as well? |
| 57 |
|
| 58 |
> |
| 59 |
> Have you read the paper Etoh and Yoda wrote on SSP? |
| 60 |
> http://www.trl.ibm.com/projects/security/ssp/main.html It's very |
| 61 |
> enlightening. |
| 62 |
> |
| 63 |
> | anyone who really wants it, but we tend more towards a "turn most things |
| 64 |
> | off unless the user asks for them" approach, hence the relatively low |
| 65 |
> | number of things turned on in the default USE settings. |
| 66 |
> |
| 67 |
|
| 68 |
> Well then leave it turned off, but put a note about the availability of |
| 69 |
> the feature in the comments above FEATURES= in make.conf. |
| 70 |
|
| 71 |
With FEATURES="noautossp" the user would be free to disable it on their |
| 72 |
own accord but being a responsible distribution to the users and the |
| 73 |
computing world we would/should not. |
| 74 |
|
| 75 |
> |
| 76 |
> | |
| 77 |
> | | Any comments? Would this be more suitable as a USE or a FEATURES |
| 78 |
> | | setting? |
| 79 |
> | |
| 80 |
> | FEATURES, not USE. |
| 81 |
> | |
| 82 |
> |
| 83 |
> - -- |
| 84 |
> All content of all messages exchanged herein are left in the |
| 85 |
> Public Domain, unless otherwise explicitly stated. |
| 86 |
> |
| 87 |
> -----BEGIN PGP SIGNATURE----- |
| 88 |
> Version: GnuPG v1.2.6 (GNU/Linux) |
| 89 |
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 90 |
> |
| 91 |
> iD4DBQFBUesPhDd4aOud5P8RAt1OAJjySIXem4RXzdJ01iVAvyTfjw/XAJ4wW8Yc |
| 92 |
> IgmuKFSm88Q2C/tOVEVzFQ== |
| 93 |
> =5dfk |
| 94 |
> -----END PGP SIGNATURE----- |
| 95 |
> |
| 96 |
> -- |
| 97 |
> gentoo-dev@g.o mailing list |
| 98 |
-- |
| 99 |
Ned Ludd <solar@g.o> |
| 100 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives