1 |
On Wed, 2004-09-22 at 17:13, John Richard Moser wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA1 |
4 |
> |
5 |
> |
6 |
> |
7 |
> Ciaran McCreesh wrote: |
8 |
> | On Wed, 22 Sep 2004 11:54:55 -0400 John Richard Moser |
9 |
> | <nigelenki@×××××××.net> wrote: |
10 |
> |
11 |
> [...] |
12 |
> |
13 |
> | Personally, I don't see the point in an ugly hack which occasionally |
14 |
> | sort of protects you from badly written code... |
15 |
|
16 |
This is the same attitude I'd expect from somebody that would write |
17 |
vulnerable code in the first place !@#$%^& |
18 |
|
19 |
> The option's there for |
20 |
> |
21 |
> wtf? It's been around for what, 6 years almost? Sure, C doesn't do |
22 |
> bounds checking, so this is technically a hack; but it's a very planned |
23 |
> out, structured hack with specific goals. Compiler optimizations are |
24 |
> more of a hack; they rearrange and change your code around to make it |
25 |
> run faster. |
26 |
> |
27 |
> Your use of 'occasionally' is blatantly misleading. Unless I'm |
28 |
> misremembering this, CERT has been getting more and more reports of |
29 |
> programs with buffer overflow based vulnerabilities each year. I |
30 |
> thought it was up to something like 2000-3000 per year nowadays. Last I |
31 |
> looked there were about 170 format string based vulnerabilities. I'm |
32 |
> sure there's other types, but aside from good old retarded design (i.e. |
33 |
> automatically executing scripts from untrusted sources as root by |
34 |
> default), I haven't heard of them. IANASE. |
35 |
|
36 |
Yes. Our security team has currently done 141 GLSA's this year alone. |
37 |
42 of which match the string overflow. |
38 |
|
39 |
Only 1 of those does not play along with -fstack-protector that I'm |
40 |
aware of and that's being worked on currently. |
41 |
|
42 |
|
43 |
|
44 |
> |
45 |
> Vulnerabilities are 'occasionally' found, but of the lot of them, a good |
46 |
> chunk is protected from with this. Not all, but a lot. The overhead |
47 |
> from this is very minimal; and the proposal was only to implement it in |
48 |
> the most vulnerable places. It's usually not obviously visible even if |
49 |
> implemented system-wide; at least, not until somebody overflows |
50 |
> something and it aborts instead of giving them a shell. |
51 |
|
52 |
Perhaps even expanding the scope of your original posting to the point |
53 |
where we have a blacklist(hall of shame) would be a good idea. |
54 |
Maybe something like if the security team has to do a GLSA on a package |
55 |
that involves a memory overflow then said package gets fstack for the |
56 |
duration of it's lifetime at gentoo as well? |
57 |
|
58 |
> |
59 |
> Have you read the paper Etoh and Yoda wrote on SSP? |
60 |
> http://www.trl.ibm.com/projects/security/ssp/main.html It's very |
61 |
> enlightening. |
62 |
> |
63 |
> | anyone who really wants it, but we tend more towards a "turn most things |
64 |
> | off unless the user asks for them" approach, hence the relatively low |
65 |
> | number of things turned on in the default USE settings. |
66 |
> |
67 |
|
68 |
> Well then leave it turned off, but put a note about the availability of |
69 |
> the feature in the comments above FEATURES= in make.conf. |
70 |
|
71 |
With FEATURES="noautossp" the user would be free to disable it on their |
72 |
own accord but being a responsible distribution to the users and the |
73 |
computing world we would/should not. |
74 |
|
75 |
> |
76 |
> | |
77 |
> | | Any comments? Would this be more suitable as a USE or a FEATURES |
78 |
> | | setting? |
79 |
> | |
80 |
> | FEATURES, not USE. |
81 |
> | |
82 |
> |
83 |
> - -- |
84 |
> All content of all messages exchanged herein are left in the |
85 |
> Public Domain, unless otherwise explicitly stated. |
86 |
> |
87 |
> -----BEGIN PGP SIGNATURE----- |
88 |
> Version: GnuPG v1.2.6 (GNU/Linux) |
89 |
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
90 |
> |
91 |
> iD4DBQFBUesPhDd4aOud5P8RAt1OAJjySIXem4RXzdJ01iVAvyTfjw/XAJ4wW8Yc |
92 |
> IgmuKFSm88Q2C/tOVEVzFQ== |
93 |
> =5dfk |
94 |
> -----END PGP SIGNATURE----- |
95 |
> |
96 |
> -- |
97 |
> gentoo-dev@g.o mailing list |
98 |
-- |
99 |
Ned Ludd <solar@g.o> |
100 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |