On Wednesday 29 December 2004 16:41, Malte Gell wrote:
> What has turning on/off un/needed services to do with protection against buffer overflows?
If the service isn't running it doesn't matter how many buffer overflows are found in the code - none are exploitable.
> SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerability that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
> It would be interesting to see how many attacks had been prevented if SSP were used more widely.
Not that many I suspect. SSP is unlikely to make a vulnerability unexploitable, just harder to exploit. If I were penetration testing a machine I knew to be using SSP I'd just craft my exploit accordingly. Sometimes SSP/Stackguard/Stackshield/et al make it impossible to exploit a vulnerability, but that is far from guaranteed. More likely the attacker just needs to try harder. You appear to be under the impression that these sorts of tools offer genuine protection. They don't. They sometimes downgrade a code execution exploit into a denial of service (because the "protected" program will still crash when its buffer is overflowed), but in general they just force the attacker to work harder.
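
Added example, not part of the original message: a small C model of the "code execution downgraded to denial of service" outcome described above. The frame layout, the guard value, the sample return address and the function names are constructed for illustration; a real protector such as GCC's `-fstack-protector` emits the check in the function epilogue and calls `__stack_chk_fail()`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame; not a real ABI layout. */
struct frame {
    char     buf[16];    /* local buffer the input is copied into */
    uint64_t canary;     /* guard value placed between locals and return address */
    uint64_t saved_ret;  /* stands in for the saved return address */
};

enum outcome { RETURNED_NORMALLY, CONTROL_FLOW_CHANGED, ABORTED };

#define GUARD    0x00ff0a0d5a5a5a5aULL  /* constructed sample guard value */
#define RET_ADDR 0x0000000000401136ULL  /* constructed sample return address */

/* Copy len bytes into the frame without checking against buf (the bug),
 * then model the function epilogue. With protect != 0 the guard is
 * verified before the saved return address would be used. */
enum outcome call_with_input(const unsigned char *in, size_t len, int protect)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = GUARD;
    f.saved_ret = RET_ADDR;

    if (len > sizeof f)
        len = sizeof f;                 /* keep the model itself in bounds */
    memcpy((unsigned char *)&f, in, len); /* models the unchecked copy */

    if (protect && f.canary != GUARD)
        return ABORTED;                 /* process is killed: a crash, not a hijack */
    if (f.saved_ret != RET_ADDR)
        return CONTROL_FLOW_CHANGED;    /* unprotected: return address was replaced */
    return RETURNED_NORMALLY;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);
    printf("12 bytes, protected:   %d\n", call_with_input(in, 12, 1));
    printf("32 bytes, unprotected: %d\n", call_with_input(in, sizeof in, 0));
    printf("32 bytes, protected:   %d\n", call_with_input(in, sizeof in, 1));
    return 0;
}
```

In the protected case the oversized input still terminates the program, which is the denial-of-service result the message refers to; the underlying unchecked copy remains a bug that has to be fixed in the code.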