OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Here is my plan for firewall implement

Re: Here is my plan for firewall implementation

Alfred Huger (ahugersilence.secnet.com)
Wed, 24 Sep 1997 10:58:11 -0600 (MDT)

On Tue, 23 Sep 1997, Paul D. Robertson wrote:

> On Mon, 22 Sep 1997, Adam Shostack wrote:
>
> > Casper Dik has posted a tool to Bugtraq to turn off stack
> > executability on Sparcs. It invalidates the standard egg, but there
> > may be ways around it. (If a user can overwrite arbitrary memory, he
> > can probably do arbitrary things. The 'correct' solution is to
>
> There was one from 'Solar Designer' earlier this year, or late last year
> which did the same thing on Linux/Intel. If anyone has both pieces of
> code somewhere, as well as some further discussion, I'd appreciate a pointer.
>

I believe the same author (Solar Designer) also posted an exploit which
overflowed the heap as opposed to the stack. It should be noted that
turning the executable bit on your stack off on may deter anklebiters
running standard bugtraq exploits, but it will not stop someone
sufficiently motivated.

While overflows are more than common enough, so are race conditions. Some
operating systems have made a serious attempt at removing tmp file race
conditions by using mkstemp(3) in their code to further randomize file
names. Attacks based on race conditions are still widely exploitable,
particularly (although not exclusively) in BSD derivatives.

/****************************************************************************
Alfred Huger http://www.secnet.com/ballista
Project Director ahugersecnet.com
Secure Networks Inc. (SNI)
*****************************************************************************/

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT