[13173] in bugtraq
Re: Fix for HP-UX automountd/autofs exploit (fwd)
daemon@ATHENA.MIT.EDU (LaMont Jones)
Fri Dec 31 13:41:52 1999
Message-Id: <19991231144517.E458818726@security.hp.com>
Date: Fri, 31 Dec 1999 07:45:17 -0700
Reply-To: LaMont Jones <lamont@SECURITY.HP.COM>
From: LaMont Jones <lamont@SECURITY.HP.COM>
X-To: douglas-siebert@uiowa.edu
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Thu, 30 Dec 1999 21:26:29 CST."
<Pine.HPX.4.20.9912302125400.22465-100000@l-ecn010.icaen.uiowa.edu>

> HP is adding/has added executable stack protection to HP-UX 11, and it
> is quite nice as it is implemented on a per binary basis. Just look at
> the man page for chatr(1) on a recently patched HP-UX 11 system. I
> don't know if all the bits required for this to work are operational
> yet, but I remember hearing that the next release of HP-UX 11 (due next
> spring I believe) includes "buffer overflow protection". Not that this
> would help the automountd hole but most of the holes nowadays are buffer
> overflows so it'll be nice that we'll be able to make them pretty much a
> thing of the past on HP-UX soon enough, and without the annoying
> tradeoffs that the Solaris/Linux style global kernel tunables require.

The only sad thing is that for "compatibility", the default is the old,
arguably broken, behavior.

When you see the tunable 'executable_stack' show up in
/usr/conf/master.d/core-hpux, you'll want to set it to 0, which tells
it to use the bit in the binary to permit/deny stack promotion. That
should eventually become the default (I hope).

Of course, this is not an official statement, things can (and do) change,
your mileage may vary, etc, etc...

lamont