On Wed, May 22, 2002 at 08:00:25PM +0200, lorenzo wrote: > as others have already stated, no, you can execute anything from an > overflow. But still, you will be able to lock out 99.99% of those script > kiddies who just try the overflow. > Maybe the percentage is not that accurate, but still the idea is > similar.. I'd say from what I've just heard (16 responses in 12 hours - wow!) we can deduce the following: * non-root chrooted jails will stop 99.x% of buffer overflows due to the fact that the majority of such attacks are generic - and therefore rely on the presence of programs on the compromised systems to do their work. * there's a fair chance that a successful attack would need to be hand-crafted to work against your particular system. Congratulations, hacker has left the field for easier pickings ;-) I guess once in-memory (compared with executing local binaries) code execution becomes commonplace, this "advantage" will fade away. Still, nothing beats secure code to begin with. -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:11:57 PDT