linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* about buffer overflow.
@ 2003-05-18 22:27 Halil Demirezen
  2003-05-18 23:11 ` aradorlinux
  2003-05-18 23:15 ` Felipe Alfaro Solana
  0 siblings, 2 replies; 6+ messages in thread
From: Halil Demirezen @ 2003-05-18 22:27 UTC (permalink / raw)
  To: linux-kernel

Maybe it is silly to ask but,
is there a default protection for buffer overflows in kernels versioned above 2.4.20 ??


sincerely.



^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: about buffer overflow.
  2003-05-18 22:27 about buffer overflow Halil Demirezen
@ 2003-05-18 23:11 ` aradorlinux
  2003-05-19  0:00   ` Halil Demirezen
  2003-05-18 23:15 ` Felipe Alfaro Solana
  1 sibling, 1 reply; 6+ messages in thread
From: aradorlinux @ 2003-05-18 23:11 UTC (permalink / raw)
  To: Halil Demirezen; +Cc: linux-kernel

On Mon, 19 May 2003 01:27:42 +0300
Halil Demirezen <nitrium@bilmuh.ege.edu.tr> wrote:

> Maybe it is silly to ask but,
> is there a default protection for buffer overflows in kernels versioned above 2.4.20 ??

http://marc.theaimsgroup.com/?l=linux-kernel&m=105189350008143&w=2
is quite interesting


Kudos to the redhat people :)

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: about buffer overflow.
  2003-05-18 22:27 about buffer overflow Halil Demirezen
  2003-05-18 23:11 ` aradorlinux
@ 2003-05-18 23:15 ` Felipe Alfaro Solana
  1 sibling, 0 replies; 6+ messages in thread
From: Felipe Alfaro Solana @ 2003-05-18 23:15 UTC (permalink / raw)
  To: Halil Demirezen; +Cc: LKML

On Mon, 2003-05-19 at 00:27, Halil Demirezen wrote:
> Maybe it is silly to ask but,
> is there a default protection for buffer overflows in kernels versioned above 2.4.20 ??

I think this link will be of your interest:

http://linuxtoday.com/security/2003050501026OSKNDV


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: about buffer overflow.
  2003-05-18 23:11 ` aradorlinux
@ 2003-05-19  0:00   ` Halil Demirezen
  2003-05-19  6:22     ` Barry K. Nathan
  0 siblings, 1 reply; 6+ messages in thread
From: Halil Demirezen @ 2003-05-19  0:00 UTC (permalink / raw)
  To: aradorlinux; +Cc: linux-kernel

> http://marc.theaimsgroup.com/?l=linux-kernel&m=105189350008143&w=2
> is quite interesting


yes that is interesting, however, what i want to learn, clearly, is this patch available 
from 2.4.20-rc1 at every default linux kernel from this moment on?

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: about buffer overflow.
  2003-05-19  0:00   ` Halil Demirezen
@ 2003-05-19  6:22     ` Barry K. Nathan
  0 siblings, 0 replies; 6+ messages in thread
From: Barry K. Nathan @ 2003-05-19  6:22 UTC (permalink / raw)
  To: Halil Demirezen; +Cc: aradorlinux, linux-kernel

On Mon, May 19, 2003 at 03:00:47AM +0300, Halil Demirezen wrote:
> yes that is interesting, however, what i want to learn, clearly, is
> this patch available from 2.4.20-rc1 at every default linux kernel
> from this moment on?

It (ExecShield0 is *not* in the mainline kernel at this time. I don't
know when (or even if) it'll be added to the mainline kernels either.

Red Hat's Rawhide kernels (2.4.20-1.1990 for example) seem to have it,
but those are experimental kernels that are not for production use. I
guess time will tell whether Red Hat ships ExecShield by default in
their next release.

BTW, another option is the pageexec ("PaX") patch:
http://pageexec.virtualave.net/ (warning: this page has pop-up windows)

and that's integrated into a more comprehensive security patch,
grsecurity:
http://www.grsecurity.net/

-Barry K. Nathan <barryn@pobox.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: about buffer overflow.
       [not found] <E19Hp05-0005FO-00@andromeda>
@ 2003-05-19 20:36 ` Justin Pryzby
  0 siblings, 0 replies; 6+ messages in thread
From: Justin Pryzby @ 2003-05-19 20:36 UTC (permalink / raw)
  To: Barry K. Nathan; +Cc: linux-kernel

Check out [http://www.trusteddebian.org/].  They apply a bunch of kernel
patches like grsecurity.  Seems they have to recompile, repackage all
the .debs though.  

It is interesting to note that some of these patches introduce an
apparent non-determinism into userspace; the same inputs could result in
different outputs (the difference is that there are more inputs than
userspace can actually see).  So, maybe it could happen that you get a
segv from an off by 1, but when you rerun it, you can't reproduce it
because all the addresses are different.

In practice, this will eventually segv somewhere, and someone will find
the problem, but its something to consider.

Justin Pryzby

On Mon, May 19, 2003 at 02:22:00AM +0000, Barry K. Nathan wrote:
> 
> On Mon, May 19, 2003 at 03:00:47AM +0300, Halil Demirezen wrote:
> > yes that is interesting, however, what i want to learn, clearly, is
> > this patch available from 2.4.20-rc1 at every default linux kernel
> > from this moment on?
> ...
> BTW, another option is the pageexec ('PaX') patch:
> http://pageexec.virtualave.net/ (warning: this page has pop-up windows)
> 
> and that's integrated into a more comprehensive security patch,
> grsecurity:
> http://www.grsecurity.net/
> 
> -Barry K. Nathan <barryn@pobox.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2003-05-19 20:27 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-05-18 22:27 about buffer overflow Halil Demirezen
2003-05-18 23:11 ` aradorlinux
2003-05-19  0:00   ` Halil Demirezen
2003-05-19  6:22     ` Barry K. Nathan
2003-05-18 23:15 ` Felipe Alfaro Solana
     [not found] <E19Hp05-0005FO-00@andromeda>
2003-05-19 20:36 ` Justin Pryzby

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).