Thursday, December 3, 2009

Chapter 4 Introduction

Most of the exploits we are interested in are based on overflows of the stack or the heap, both of which may be executable memory zones on Linux systems. Moreover, these exploits are made possible in practice by unreliable C functions such as strcpy.

As these vulnerabilities are well known, several proposed solutions and implementations exist. We will focus on two of them in this chapter:

• Libsafe (http://www.research.avayalabs.com/project/libsafe/)

• Grsecurity's set of kernel patches (http://www.grsecurity.net/)

Libsafe is a library that re-writes some sensitive libc functions (strcpy, strcat, sprintf, vsprintf, getwd, gets, realpath, fscanf, scanf, sscanf) to prevent any overflow caused by misuse of one of them. It raises an alert when an overflow attempt is detected.

Grsecurity is a set of several kernel patches, gathered into a single one, which offers, among other things, the possibility of making the stack or the heap non-executable. Please note that we will not discuss whether doing so is a good idea from a security point of view. This debate was initiated some time ago; it is up to you to decide whether it is worthwhile.
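To check whether the stack and heap of a process are actually non-executable, one option is to read the permission column of its memory map. The following is an added example, not code from the original post: it assumes the Linux `/proc/<pid>/maps` text format, the name `check_maps` is hypothetical, and the sample addresses are constructed.

```c
#include <stdio.h>
#include <string.h>
struct region_report { int stack_seen, stack_exec, heap_seen, heap_exec; };
/* Constructed sample in /proc/<pid>/maps format: executable stack, non-executable heap. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 131 /bin/demo\n"
    "0804a000-0806b000 rw-p 00000000 00:00 0 [heap]\n"
    "b7e00000-b7e21000 rw-p 00000000 00:00 0 \n"
    "bffdf000-c0000000 rwxp 00000000 00:00 0 [stack]\n";

/* Scan maps-format text and record whether [stack] and [heap] are executable; -1 on a bad line. */
int check_maps(const char *maps, struct region_report *r)
{
    memset(r, 0, sizeof *r);
    for (const char *line = maps; *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char buf[512], perms[5] = "", name[256] = "";
        if (len >= sizeof buf) return -1;          /* overlong line */
        memcpy(buf, line, len); buf[len] = '\0';
        line += len + (end ? 1 : 0);
        if (len == 0) continue;
        /* Fields: start-end perms offset dev inode [pathname] */
        int n = sscanf(buf, "%*[0-9a-f]-%*[0-9a-f] %4s %*s %*s %*s %255s", perms, name);
        if (n < 1 || strlen(perms) != 4) return -1;
        int exec = (perms[2] == 'x');              /* third flag is the execute bit */
        if (strcmp(name, "[stack]") == 0) { r->stack_seen = 1; r->stack_exec |= exec; }
        if (strcmp(name, "[heap]") == 0)  { r->heap_seen = 1;  r->heap_exec |= exec; }
    }
    return 0;
}

int main(void)
{
    static char live[1 << 16];
    struct region_report r;
    const char *text = SAMPLE_MAPS;
    FILE *f = fopen("/proc/self/maps", "r");       /* fall back to the sample if absent */
    if (f) {
        size_t got = fread(live, 1, sizeof live - 1, f);
        live[got] = '\0';
        fclose(f);
        if (got > 0) text = live;
    }
    if (check_maps(text, &r) != 0) { fputs("unparseable maps\n", stderr); return 2; }
    printf("stack: %s\n", !r.stack_seen ? "not found" : r.stack_exec ? "EXECUTABLE" : "non-executable");
    printf("heap:  %s\n", !r.heap_seen ? "not found" : r.heap_exec ? "EXECUTABLE" : "non-executable");
    return r.stack_exec || r.heap_exec;            /* non-zero exit if either is executable */
}
```
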
