Re: Fwd: LSM patch for Linux-2.4.20-8

From: Crispin Cowan (crispin@private)
Date: Thu Jan 20 2005 - 22:01:49 PST

Seth Arnold wrote:

>On Fri, Jan 21, 2005 at 09:08:17AM +0800, Rogelio Serrano wrote:
>>Is there a way to have these kind of protection without hiding bugs.
>>Maybe the audit framework can help?
>"Hiding bugs" is _not_ what a non-executable stack or data segment does;
>if a program relies on executable stack or data segment for executing,
>the process will die a miserable death. And loudly, at that.
But to be fair to Rogelio, defensive measures like StackGuard and NX do 
"hide" bugs in that the bug is not visible until run time conditions 
trigger the bug and thence the defense. So in effect, the attacker is 
the one who "discovers" the bug, and defenses like StackGuard and NX 
notify you that someone else has discovered vulnerable code running on 
your box.


Crispin Cowan, Ph.D.
CTO, Immunix

This archive was generated by hypermail 2.1.3 : Thu Jan 20 2005 - 22:02:57 PST