Re: Debian Stable server hacked

To: debian-security <debian-security@lists.debian.org>
Subject: Re: Debian Stable server hacked
From: Adam ENDRODI <borso@vekoll.saturnus.vein.hu>
Date: Wed, 20 Aug 2003 17:23:30 +0200
Message-id: <[🔎] 20030820152330.GA14181@vekoll.saturnus.vein.hu>
In-reply-to: <[🔎] 20030814160040.GL14846@alcor.net>
References: <[🔎] 3F310A43.9060101@balpol.tudelft.nl> <[🔎] 20030807155215.GD18220@alcor.net> <[🔎] 3F328651.8030009@balpol.tudelft.nl> <[🔎] 20030813042005.GA570@galacticasoftware.com> <[🔎] 1060804961.28883.44.camel@columbia> <[🔎] 20030813223952.GA5518@hotpop.com> <[🔎] 1060816139.2635.23.camel@columbia> <[🔎] 20030814010051.GB5518@hotpop.com> <[🔎] 20030814160040.GL14846@alcor.net>

On Thu, Aug 14, 2003 at 12:00:40PM -0400, Matt Zimmerman wrote:
> On Wed, Aug 13, 2003 at 09:00:51PM -0400, valerian wrote:
> 
> > It actually does a very good job of stopping any kind of "stack-smashing"
> > attack dead in its tracks (both the stack and heap are marked as
> > non-executable).  That takes care of most vulnerabilities, both known and
> > unknown.
> 
> No, it really doesn't.  It might stop some common implementations of
> exploits, but that's about it.  There are many papers available which
> describe the shortcomings of this kind of prevention.

Could you provide some pointers on the topic?

> You don't need an executable stack to get control of execution, you only
> need to be able to change the instruction pointer, which is stored on the
> stack (as data).

PaX is not just about non-executable address regions, but address
space randomization.  In my understanding, the attacker just
doesn't know what he should modify the IP to.  Given this, are
you certain that only a narrow range of exploits ("common
implementations") can be killed via PaX?

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989      
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever

Reply to:

Follow-Ups:
- Re: Debian Stable server hacked
  - From: "Noah L. Meyerhans" <noahm@debian.org>
- Re: Debian Stable server hacked
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Debian Stable server hacked
  - From: Thijs Welman <thijs@balpol.tudelft.nl>
- Re: Debian Stable server hacked
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Debian Stable server hacked
  - From: Thijs Welman <thijs@balpol.tudelft.nl>
- Re: Debian Stable server hacked
  - From: "Adam Majer" <adamm@galacticasoftware.com>
- Re: Debian Stable server hacked
  - From: Colin Walters <walters@verbum.org>
- Re: Debian Stable server hacked
  - From: valerian <valerian2@hotpop.com>
- Re: Debian Stable server hacked
  - From: Colin Walters <walters@verbum.org>
- Re: Debian Stable server hacked
  - From: valerian <valerian2@hotpop.com>
- Re: Debian Stable server hacked
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Simple e-mail virus scanner
Next by Date: Re: Postfix Security Documentation
Previous by thread: Re: Debian Stable server hacked
Next by thread: Re: Debian Stable server hacked
Index(es):
- Date
- Thread