On Thursday 30 December 2004 00:07, James M. Patton wrote:
> But when dealing with script kiddies, any delay or difficulties you can cause very well may make the difference. In general, anything that one can do to increase the security of an information system under their control is a good thing. And any tools the vendors can provide us only helps to increase the security posture of our systems.
Agreed, but you and most other people in this thread are continuing to make the assumption that these sorts of tools actually do what you want them to do. In the quote above you assume they will present delays or difficulties to script kiddies (or, I presume, any other flavour of attacker). Do you have reason to believe that they will actually do that? Have a look at Metasploit or some such script kiddie haunt: how long would it take to convert any of their exploits to bypass anti-stack-smashing trickery? Not long, I suspect. An hour or two maybe. In the past I've taken a Metasploit exploit and fine-tuned it myself for a specific penetration test. That example was a Windows one, actually, and I was trying to bypass something other than a stack guard, but I still did it without any real trouble. If stack guards become the de facto standard on Linux, all the Metasploit exploits, and all the other script kiddie exploits, will be adjusted to bypass the protection. Exactly nothing will have been gained: script kiddies will still be able to download and run exploits, and 0-day hackers will just need to spend another hour in front of their disassembler working their way past one more hurdle to make their exploit work. Oh, and my computer will run slightly slower.
> Downgrading a local / remote compromise (or code execution exploit) to a denial of service is a great step forward. It could mean the difference between joe hacker crashing your system and having your shadow file - which would you prefer? I personally would prefer that my system be crashed than having to deal with a security incident.
So would I, if that's what is achieved. As I said in a previous post, partial protection is *sometimes* achieved. If the reality is that for the most part these patches don't work, they do more harm than good. False sense of security, slower computers. As Thomas Beige said: "We evaluated various solutions. The problem is that some are very intrusive and most can be bypassed." I believe Linus rejected software-based non-executable stack patches for the kernel for the same reasons.
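The mechanism the two posters are arguing over, a guard word placed above a stack buffer and checked before the function returns so that an overflow becomes a detected crash rather than a silent takeover, as an added C example that belongs to neither poster and is not the ProPolice/GCC stack-protector code itself. The frame layout, the fixed canary value and the 'A'-filled inputs are constructed for the demonstration; a real guard uses a random per-process value and calls abort() on mismatch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY_VALUE 0xDEADC0DEu  /* constructed; real guards use a random per-process value */

/* Emulated stack frame: a fixed buffer followed by a guard word, laid out the way
 * a stack-protector compiler places them (buffer below the canary, canary below
 * the saved return address). */
struct frame {
    char     buf[BUF_LEN];
    uint32_t canary;
};

enum outcome { FRAME_OK = 0, FRAME_SMASHED = 1 };

/* Copy 'len' bytes of untrusted input into the frame with no bounds check (the bug
 * class the thread is about), then verify the guard word on the way out, as the
 * function epilogue does under a stack guard. Returns FRAME_OK when the guard is
 * intact and FRAME_SMASHED otherwise; a real guard would abort() instead of
 * returning, which is the "downgrade to denial of service" in the quoted post.
 * Note the check only runs on the normal return path; anything that diverts
 * control before the epilogue is not caught, which is the bypass the reply alludes to. */
enum outcome copy_and_check(const char *input, size_t len)
{
    struct frame f;
    f.canary = CANARY_VALUE;
    memset(f.buf, 0, sizeof f.buf);
    if (len > sizeof f)          /* keep the demo within defined behaviour while */
        len = sizeof f;          /* still letting the copy overrun buf into canary */
    memcpy((unsigned char *)&f, input, len);
    return f.canary == CANARY_VALUE ? FRAME_OK : FRAME_SMASHED;
}

/* Constructed sample input: 'len' bytes of 'A', the classic overflow filler. */
enum outcome demo_overflow(size_t len)
{
    char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);
    if (len > sizeof input)
        len = sizeof input;
    return copy_and_check(input, len);
}

int main(void)
{
    const size_t cases[] = { 5, 16, 17, 20 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("len=%2zu -> %s\n", cases[i], demo_overflow(cases[i]) == FRAME_OK
               ? "guard intact, return allowed" : "guard smashed, abort instead of return");
    return 0;
}
```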