[11868] in bugtraq


Re: fixing all buffer overflows --- random magic numbers

daemon@ATHENA.MIT.EDU (Peter van Dijk)
Mon Sep 13 02:07:13 1999

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990912235943.H29515@attic.vuurwerk.nl>
Date:         Sun, 12 Sep 1999 23:59:43 +0200
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <m11PyZm-000369C@jmh>; from Dr. Joel M. Hoffman on Sat, Sep 11,
              1999 at 09:37:00PM -0400

On Sat, Sep 11, 1999 at 09:37:00PM -0400, Dr. Joel M. Hoffman wrote:
> I was thinking --- it wouldn't be too hard to make buffer overflow
> attacks impossible.  The basic idea is to do away with binary
> compatibility.
>
> In particular, I was thinking that part of building a kernel would
> involve assigning a random number to each syscall, and creating a
> syscall.h file with these random numbers.  A binary would only run if
> it was compiled with the proper syscall.h, so all binaries would have
> to be recompiled for the new kernel, but then, syscall.h could be
> removed, and the system would be impervious to buffer overflow
> attacks.  (One step further would involve random magic numbers in
> every function call.)
>
> I would be happy to give up binary compatibility for the added security
> it would add.
>
> Comments?

Yaps.

[damn.. shouldn't drink beer when doing bugtraq postings. Well, I'll try my
best]

Your idea poses a problem:
distro-builders can't do binary distros anymore. _everything_ would have to be
compiled. No more RPM. No more .deb. That sure would piss off lots of
people. Even RedHat users would have to compile their own kernels.
Also, for non-opensource systems, this would be quite heavy to do.

Also, it might not be effective. How many syscalls does one exploit really
use? Looking at my syscall.h (Linux 2.0.36), they're all under 256. Not
much to brute-force, I'd say.

Of course, anything helps. It'll stop standard exploits. It'll stop
script kiddies, even (I like your idea, despite the problems it creates).

Well.. find someone crazy enough to implement it. I'm curious about the
results :)

Greetz, Peter
--
| 'He broke my heart,      |                              Peter van Dijk |
     I broke his neck'     |                     peter@attic.vuurwerk.nl |
   nognikz - As the sun    |        Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
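The two halves of the argument above (a build-time random syscall numbering breaks hardcoded shellcode; 256 possible numbers is a small space to guess) can be modelled in a few lines of C. This is an added example written for this archive page, not code from either poster. It assumes a toy kernel with only four of the Linux 2.0 i386 syscalls (exit=1, read=3, write=4, execve=11, the real stock numbers), a deterministic xorshift generator standing in for the kernel build's random source, and, for the brute-force half, that the attacker has some way of telling that execve actually ran (here, a return tag). Wrong guesses are not free: a guess that lands on the slot that now holds exit terminates the guessing process, which the model counts.

```c
/*
 * Toy model of the "random syscall numbers" proposal from the thread.
 * Added example for this page, not code by either poster.
 * A kernel build permutes the 256-entry syscall space (all Linux 2.0 i386
 * numbers are below 256) and emits the mapping as syscall.h. Binaries built
 * against that header keep working; shellcode that hardcodes the stock
 * numbers hits whatever landed in that slot. The brute-force half shows the
 * size of the search space, and how many guesses would have killed the
 * attacking process by landing on exit.
 */
#include <stdint.h>
#include <stdio.h>

#define NSYS 256

/* Stock Linux 2.0 i386 numbers for the calls modelled here (real values). */
#define SYS_exit   1
#define SYS_read   3
#define SYS_write  4
#define SYS_execve 11

/* Toy handlers return a tag so a caller can tell which one ran. */
#define TAG_NOSYS  (-38L)       /* -ENOSYS: what an unassigned slot returns */
#define TAG_EXIT   0x45584954L  /* 'EXIT' */
#define TAG_READ   0x52454144L  /* 'READ' */
#define TAG_WRITE  0x57524954L  /* 'WRIT' */
#define TAG_EXECVE 0x45584543L  /* 'EXEC' */

typedef long (*handler_t)(void);
static long h_nosys(void)  { return TAG_NOSYS; }
static long h_exit(void)   { return TAG_EXIT; }
static long h_read(void)   { return TAG_READ; }
static long h_write(void)  { return TAG_WRITE; }
static long h_execve(void) { return TAG_EXECVE; }

struct kernel {
    int       syscall_h[NSYS]; /* stock number -> randomized number (generated syscall.h) */
    handler_t table[NSYS];     /* randomized number -> handler (what sys_call_table becomes) */
};

/* Deterministic xorshift32; stand-in for the build's random source (assumption). */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* "Kernel build": Fisher-Yates permutation of 0..255, then lay out the dispatch table by it. */
void build_kernel(struct kernel *k, uint32_t seed) {
    handler_t stock[NSYS];
    int i;
    for (i = 0; i < NSYS; i++) { stock[i] = h_nosys; k->syscall_h[i] = i; }
    stock[SYS_exit] = h_exit;   stock[SYS_read]   = h_read;
    stock[SYS_write] = h_write; stock[SYS_execve] = h_execve;
    if (seed == 0) seed = 1;    /* xorshift must not start from zero */
    for (i = NSYS - 1; i > 0; i--) {
        int j = (int)(xorshift32(&seed) % (uint32_t)(i + 1));
        int t = k->syscall_h[i]; k->syscall_h[i] = k->syscall_h[j]; k->syscall_h[j] = t;
    }
    for (i = 0; i < NSYS; i++) k->table[k->syscall_h[i]] = stock[i];
}

/* Syscall entry: dispatch on the number the caller placed in eax. */
long invoke(const struct kernel *k, int nr) {
    if (nr < 0 || nr >= NSYS) return TAG_NOSYS;
    return k->table[nr]();
}

/* A binary compiled against the generated syscall.h uses the randomized number. */
long recompiled_binary_execve(const struct kernel *k) {
    return invoke(k, k->syscall_h[SYS_execve]);
}

/* Stock shellcode hardcodes 11 and runs whatever now sits in slot 11. */
long stock_exploit_execve(const struct kernel *k) {
    return invoke(k, SYS_execve);
}

/* Brute force: walk the 256 slots until the execve handler answers (oracle is the tag, an assumption). */
int brute_force_execve(const struct kernel *k, int *tries, int *fatal_guesses) {
    int nr;
    *tries = 0; *fatal_guesses = 0;
    for (nr = 0; nr < NSYS; nr++) {
        long r = invoke(k, nr);
        (*tries)++;
        if (r == TAG_EXECVE) return nr;
        if (r == TAG_EXIT) (*fatal_guesses)++;   /* a real process would be dead here */
    }
    return -1;
}

/* Returns 1 when, for this seed, the model behaves as the thread describes. */
int scenario_holds(uint32_t seed) {
    struct kernel k; int tries, fatal, found;
    build_kernel(&k, seed);
    if (recompiled_binary_execve(&k) != TAG_EXECVE) return 0;
    if ((stock_exploit_execve(&k) == TAG_EXECVE) != (k.syscall_h[SYS_execve] == SYS_execve)) return 0;
    found = brute_force_execve(&k, &tries, &fatal);
    return found == k.syscall_h[SYS_execve] && tries == found + 1 && tries <= NSYS && fatal <= 1;
}

int main(void) {
    struct kernel k; int tries, fatal, found;
    build_kernel(&k, 0x1999);
    printf("execve is now syscall %d\n", k.syscall_h[SYS_execve]);
    printf("recompiled binary: %s\n", recompiled_binary_execve(&k) == TAG_EXECVE ? "execve ran" : "failed");
    printf("stock exploit:     %s\n", stock_exploit_execve(&k) == TAG_EXECVE ? "execve ran" : "failed");
    found = brute_force_execve(&k, &tries, &fatal);
    printf("brute force found %d after %d tries (%d guesses hit exit)\n", found, tries, fatal);
    return 0;
}
```

The model only changes the numbers, not the handlers: an attacker who can observe which call ran needs at most 256 probes per syscall, exactly the point made in the reply, but in a real process a probe that hits exit ends the attempt, so the cost of guessing is not simply "256 tries".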
