
Re: Secure 2.4.x kernel



It doesn't need to spawn a new shell to allow root access. It
can just load a properly-linked shell into memory (not
calling execve), then jump to main.

Or it can not use a shell at all. Shells aren't special in any way.

True, shells aren't special.  But if someone tries to smash the stack,
and the kernel protects against this (hypothetically), I think that it's
just another level of protection.

I'll agree with you there. If you can prevent buffer over-runs, you can close a lot of holes.

The problem is, can you do it? St. Jude doesn't seem to. With some of the other things suggested, you can stop many return-address smashers. Still doesn't stop all buffer overflows (e.g., smash data, cause unexpected behavior).

  The goal, in my mind, is to take the
"buffer overrun" out of the hands of 99.9% of the attackers/script kiddies
out there.

I doubt it matters too much if it just becomes harder. Once someone does it (that 0.1% or whatever), they post it to the 'net and then the other 99.9% have it.

Of course, if you stop the buffer overflow, or reliably detect it before harm occurs, then the security hole in effect no longer exists.

<onsoapbox>

The descriptions of who and what an attacker is are, to me, beside
the point. I'll never understand why people want to put labels on
someone trying to do *bad* things to your box. I don't
care what kind of intelligence or expertise these jerks have -- to me,
they're equally appalling.

I think there has been a misunderstanding here. I'm classifying them by the level of security they can break, i.e., how much of a threat they are. I made no mention of the relative evil of the two. Only of how much time, effort, and ability they can/will expend against your machine.

You need to know what kind of attacker you will attract to design proper security. A physical example is the difference between your house, and a bank. Which is going to get attacked by someone willing to spend two months studying how it works, developing plans to avoid its security, etc.? Unless you're Bill Gates, the answer is the bank. That's the dedicated attacker.

On the other hand, which gets hit by the guy looking for loose windows, open doors, etc.? Probably not the bank. If he fails ( == the doors are locked, the windows closed, someone is home), he tries your neighbor. This is the script kiddie.

OTOH, I don't think all attackers should be treated equally by the law. Just like trespass, vandalism, burglary, and armed robbery aren't. It depends on how much harm you cause.

 "That's illegal, how come if
someone tries to get into your computer, they aren't arrested?"
Hmmm... Mom has a good point.

Mainly due to lack of resources. Any idea how much it would have cost to prosecute everyone who did a Nimda, Code Red, etc. attack against one of my machines? I got an attack every few minutes for a while. And how innocent most of those 'attackers' were, since their machine had been zombied.


I think the bottom line is that we'll never have 100% security until
there are laws that protect the break-ins and hacking that occurs.

There are laws. Just no resources to enforce them. Investigations are expensive, especially ones in which you don't have any suspects until you sift through hundreds of megabytes of logs. Can't afford to pay an expert to do that for defacing _Joe's Home Page_.
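The exchange above argues that a kernel or compiler defence against return-address smashing "still doesn't stop all buffer overflows (e.g., smash data, cause unexpected behavior)". The following is an added example, not code from anyone in this thread, that makes that point concrete. It simulates a stack frame as a byte array with a constructed layout (buffer, an adjacent `is_admin` local, a stack-protector canary, the saved return address); the offsets, the guard value and the return address are all assumptions chosen for the illustration, not a real compiler's layout. A classic overflow that reaches the return address trips the canary, but a shorter overflow that only clobbers the adjacent local slips past the protector entirely, while a bounded copy rejects both.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame (constructed layout for illustration, not a real
 * compiler's):
 *   [0..16)  name      the overflowable buffer
 *   [16..20) is_admin  an adjacent local, 0 = ordinary user
 *   [20..28) canary    stack-protector guard word
 *   [28..36) retaddr   saved return address
 */
enum { NAME_OFF = 0, NAME_LEN = 16, ADMIN_OFF = 16, CANARY_OFF = 20,
       RET_OFF = 28, FRAME_LEN = 36 };

static const uint64_t CANARY  = 0x5a3c96e1d27b4f08ULL; /* assumed guard value */
static const uint64_t RETADDR = 0x0000000000401136ULL; /* assumed return address */

struct frame { unsigned char b[FRAME_LEN]; };

static void frame_init(struct frame *f) {
    uint32_t admin = 0;
    memset(f->b, 0, FRAME_LEN);
    memcpy(f->b + ADMIN_OFF,  &admin,   sizeof admin);
    memcpy(f->b + CANARY_OFF, &CANARY,  sizeof CANARY);
    memcpy(f->b + RET_OFF,    &RETADDR, sizeof RETADDR);
}

static uint32_t frame_admin(const struct frame *f) {
    uint32_t v; memcpy(&v, f->b + ADMIN_OFF, sizeof v); return v;
}
static uint64_t frame_ret(const struct frame *f) {
    uint64_t v; memcpy(&v, f->b + RET_OFF, sizeof v); return v;
}

/* What a stack protector checks in the epilogue: 1 = return allowed,
 * 0 = guard corrupted (real code would call __stack_chk_fail and abort). */
static int epilogue_ok(const struct frame *f) {
    return memcmp(f->b + CANARY_OFF, &CANARY, sizeof CANARY) == 0;
}

/* Vulnerable copy: strcpy-style, no bound on n.  Clamped to the frame only
 * so the simulation stays inside its own array; a real strcpy keeps going. */
static void copy_unchecked(struct frame *f, const unsigned char *src, size_t n) {
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->b + NAME_OFF, src, n);
}

/* Hardened copy: bounded, NUL-terminated, rejects oversize input outright. */
static int copy_checked(struct frame *f, const unsigned char *src, size_t n) {
    if (n >= NAME_LEN) return -1;
    memcpy(f->b + NAME_OFF, src, n);
    f->b[NAME_OFF + n] = 0;
    return 0;
}

/* Result of pushing one input through the vulnerable copy and "returning". */
struct outcome { int returned; uint32_t admin; uint64_t ret; };

static struct outcome run_unchecked(const unsigned char *input, size_t n) {
    struct frame f; struct outcome o;
    frame_init(&f);
    copy_unchecked(&f, input, n);
    o.returned = epilogue_ok(&f);
    o.admin = frame_admin(&f);
    o.ret = frame_ret(&f);
    return o;
}

/* Classic return-address smash: 36 bytes overwrite everything up to and
 * including retaddr.  The canary is clobbered, so the protector fires. */
struct outcome attack_return_address(void) {
    unsigned char payload[FRAME_LEN];
    uint64_t fake_ret = 0x4141414141414141ULL;
    memset(payload, 'A', sizeof payload);
    memcpy(payload + RET_OFF, &fake_ret, sizeof fake_ret);
    return run_unchecked(payload, sizeof payload);
}

/* Data-only smash: 20 bytes reach is_admin but stop short of the canary.
 * The protector sees nothing; the function returns normally as "admin". */
struct outcome attack_adjacent_data(void) {
    unsigned char payload[ADMIN_OFF + 4];
    uint32_t one = 1;
    memset(payload, 'A', sizeof payload);
    memcpy(payload + ADMIN_OFF, &one, sizeof one);
    return run_unchecked(payload, sizeof payload);
}

/* Same two payloads against the bounded copy: both rejected, frame untouched. */
int hardened_rejects(void) {
    struct frame f; unsigned char big[FRAME_LEN];
    memset(big, 'A', sizeof big);
    frame_init(&f);
    return copy_checked(&f, big, sizeof big) == -1
        && copy_checked(&f, big, ADMIN_OFF + 4) == -1
        && frame_admin(&f) == 0 && epilogue_ok(&f);
}

int main(void) {
    struct outcome a = attack_return_address(), b = attack_adjacent_data();
    printf("ret smash : epilogue_ok=%d admin=%u ret=0x%llx\n",
           a.returned, a.admin, (unsigned long long)a.ret);
    printf("data smash: epilogue_ok=%d admin=%u ret=0x%llx\n",
           b.returned, b.admin, (unsigned long long)b.ret);
    printf("hardened  : rejects=%d\n", hardened_rejects());
    return 0;
}
```

The point of the second attack is the one the thread makes: the canary sits between the locals and the return address, so any overflow that stops before it is invisible to the protector, and the program simply carries on with corrupted data. Only bounds-checking the copy itself (the `copy_checked` variant) closes both cases.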


