Theo de Raadt wrote: >>Solaris 2.6 and above also support a kernel variable which can be set >>via /etc/system called "noexec_user_stack", which can make the stack for >>userland processes non-executable by default. Note that this behavior >>is the default for 64-bit binaries in Solaris 7, 8, and 9, and this >>kernel variable forces the behavior for 32-bit binaries. I run all >>sorts of odd software and have never had an issue with having this >>always turned on for all of my systems. > > > You just don't get it, do you? Are you even reading what people are > saying? Protecting just the stack is basically useless. 99.9% of > exploits that use the stack can be rewritten to NOT use the stack! > > But W^X protects THE ENTIRE ADDRESS SPACE. > That's fine. I'm not pointing out this functionality as some sort of be-all-end-all fix for everything. I'm simply pointing out a function that a system provides that people may find useful. And how many script kiddies are resourceful enough to re-write an exploit to *not* use the stack? The fact is, simply preventing the stack isn't perfect. But it's not entirely worthless, either. To call anything that does something useful entirely worthless is just downright silly. In today's day and age, one should do everything possible to protect themselves, whether it's going to be effective 1% of the time of 99% of the time. So, when are you releasing the Solaris kernel module to support the W^X stuff? Someone who's so married to a specific bit of defense would certainly want to release it to as many potential users as possible, whether they use OpenBSD or not, right? :-)
This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 12:06:46 PDT