Re: Unexecutable Stack / Buffer Overflow Exploits...

Gregory Maxwell (greg@linuxpower.cx)
Mon, 3 Jan 2000 11:42:34 -0500 (EST)


On Sun, 2 Jan 2000, Horst von Brand wrote:

> [...]
> > With the advent of scripted identifying and autorooting, it's possible for
> > an attacker to root dozens, if not hundreds, of systems within hours of an
> > exploit release.
>
> Note that they _don't_ write this themselves, they get them prepackaged
> from somewhere. So the next epidemic includes identifying nonexec-stack
> machines, and has specific exploits for them. You gained nothing in the
> long run, everybody lost. Sure, it may make you somewhat safer now. So
> apply the patches.

I have a statement which I would like you to affirm or deny. It will clear up a
lot of things, I think.

"If there is a remotely exploitable stack-smash attack for *ANY* userspace
application or daemon (i.e. Netscape or Sendmail) running on ia32 Linux without
the Solar Designer No-exec-patch, then there *must* exist an exploit for
that application on ia32 Linux *WITH* that patch applied."

If you agree with this statement, I believe you are incorrect and I am
willing to put money on a public challenge.

If you disagree, then what is your argument against this patch?

What if the patch was described as a tool to:

"To stop attacks made impossible by the patch and to make creating a
working attack a bit more difficult in cases where there is still a possible
exploit"

> > So even if I had my beeper connected to bugtrack and every underground
> > cracker IRC channel, I could still be rooted before I got to the keyboard.
>
> Nonexecutable stack won't change that a bit.

Throughout this discussion, I've come to the realization that I now would
prefer this patch NOT go into the standard kernel. Right now it does
protect me against more than it would if it went in. It's a selfish
desire, I suppose. :)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/