Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

David S. Miller (davem@dm.cobaltmicro.com)
Tue, 4 Aug 1998 14:01:02 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Loveland: "[PATCH] minor ext2 bug"
Previous message: Perry Harrington: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Maybe in reply to: Zachary Amsden: "[PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Next in thread: Dean Gaudet: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Reply: Dean Gaudet: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"

From: alan@lxorguk.ukuu.org.uk (Alan Cox)
Date: Tue, 4 Aug 1998 21:55:20 +0100 (BST)

> exec patch just makes the stack smashing attacks harder (you need
> to make use of code present somewhere else, but it's still
> doable), not impossible.

99% of attackers are too stupid to write attack programs, 99% of
attack programs aren't written to cope with the stack protection
patch

So the argument goes that the people capable of coding exploits can
now just write one which deals with the stack execute protection cases
too, then what do you do?

Later,
David S. Miller
davem@dm.cobaltmicro.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Chris Loveland: "[PATCH] minor ext2 bug"
Previous message: Perry Harrington: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Maybe in reply to: Zachary Amsden: "[PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Next in thread: Dean Gaudet: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Reply: Dean Gaudet: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"