Executable memory: further programs that fail

Tim Daly daly at rio.sci.ccny.cuny.edu
Sat Nov 22 03:54:32 UTC 2003


Can someone explain in detail why exec-shield makes the system more secure?

I understand that making the stack non-executable by default might help.
I understand why read-only code sections might help.
I can't understand why brk needs to change.
I can't understand why random dynamic library location helps.

I'd really like to understand 
(a) what exec-shield changes 
(b) why these changes REALLY help (I can search memory to find the
    random dynamic library locations. Randomness doesn't hide things).
(c) code fragments with before-and-after

I believe that enabling security measures THAT HELP should be done
by default. However, some of these changes are fundamental to the
whole design of Unix. The changes seem to be based on a strict legal
reading of API calls and use the assumption that if the rules don't
specifically disallow the change then exec-shield can do what it wants.

It's about like going to a football game and finding that some of the
seats are actually scattered on the field. The rules don't disallow that
behavior but everyone will have to work around the change.

Tim Daly
axiom at tenkan.org
daly at idsi.net
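The following is an added example, not part of Tim Daly's message or of the exec-shield patch itself. It is a small C program that makes two of the points the message asks about observable on x86-64 Linux: first, what a non-executable page does when code placed in it (the classic "shellcode in a buffer" case) is called, and second, which addresses an exploit has to know in advance, so that running the program twice shows whether they move between runs. The six-byte machine-code stub (`mov eax, 42; ret`) is x86-64 specific, and the example assumes the CPU and kernel enforce the no-execute bit; the kernel knob `/proc/sys/kernel/randomize_va_space` is real but may be absent on older kernels, in which case the program reports -1 for it.

```c
/* Added example (not from the original post or from exec-shield).
 * Assumes x86-64 Linux with NX enforced. Build: gcc -O0 -o nxdemo nxdemo.c */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

/* Executing from a non-executable page raises SIGSEGV; jump back out. */
static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* x86-64 machine code: mov eax, 42 ; ret */
static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

/* Copy the stub into a fresh anonymous page and call it.  With executable
 * == 0 the page stays read/write only (what a non-executable stack or heap
 * looks like); with executable != 0 it is made read/execute first.
 * Returns 42 if the stub ran, -1 if the CPU refused (SIGSEGV), -2 on
 * setup failure. */
int run_from_page(int executable) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -2;
    memcpy(page, stub, sizeof stub);
    if (executable && mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz);
        return -2;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile int result = -1;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* data pointer -> function pointer */
        result = fn();
    }
    /* else: we arrived here from on_segv, result stays -1 */

    sigaction(SIGSEGV, &old, NULL);
    munmap(page, pagesz);
    return result;
}

/* Current kernel setting: 0 = no randomization, 1 = stack/mmap/libraries,
 * 2 = additionally randomize brk (the heap base).  -1 if unreadable. */
int randomize_va_space(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/* The addresses a return-into-libc or shellcode exploit must contain
 * before it is sent.  Run the binary twice: if they repeat, a hard-coded
 * address works every time; if they move, the single overflow the attacker
 * gets is a blind guess.  Searching memory is not an option for the
 * attacker, who cannot run code yet, which is the whole point. */
void report_addresses(void) {
    int local = 0;
    void *heap = malloc(64);          /* small chunks come from brk */
    printf("stack   %p\n", (void *)&local);
    printf("heap    %p\n", heap);
    printf("libc    %p (printf)\n", (void *)printf);
    printf("text    %p (report_addresses)\n", (void *)report_addresses);
    free(heap);
}

int main(void) {
    printf("randomize_va_space = %d\n", randomize_va_space());
    printf("call into RW page  -> %d (expect -1: blocked)\n", run_from_page(0));
    printf("call into RX page  -> %d (expect 42: ran)\n", run_from_page(1));
    report_addresses();
    return 0;
}
```

Running the binary twice and comparing the four addresses answers the "randomness doesn't hide things" objection directly: the attacker's payload has to carry a correct address at the moment of the overflow, and nothing in the target has run on the attacker's behalf yet to go looking for one. The brk change in the same family is simply the line that makes the `heap` address move as well.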





More information about the fedora-devel-list mailing list