Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Buffer overflow prevention
From: Crispin Cowan (crispinimmunix.com)
Date: Fri Aug 15 2003 - 13:48:14 CDT
Shaun Clowes wrote:
>Perhaps I'm the only one who feels this way, but I believe that the vast
>majority of the exploitation of systems is being performed by people
>with no knowledge of how to write an exploit and that the vast majority
>of exploits are fragile. Doing anything that makes you different from
>every other installation of Linux/HPUX/Solaris/InsertOSHere will
>drastically decrease the changes of any point and click exploit working
>Could a determined (and knowledgable) attacker still get through? Sure.
>But if we're talking protections that take very little effort to
>implement, have a minor performance impact and will save your
>skin some of the time, it's obvious that it's worth deploying them. As
>long as you're not kidding yourself that you're then totally secure.
Exactly: trivial changes will protect you from script kiddies.
Non-bypassability is required to protect you from determined attackers.
It depends on your threat model: how much will a penetration event cost
you? What is it worth to someone to hack you?
>Its kind of reminiscent of that old joke about the two guys running away
>from the lion. You don't have to beat the lion, just the other person.
But if you taste better (you are a bank and he is a basement RH box)
then the lion may choose to chase you anyway.
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com