Mailinglist Archive: opensuse (4020 mails)

Re: [SLE] spyware
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Mon, 4 Oct 2004 22:12:46 +0200
  • Message-id: <200410042212.46537.andjoh@xxxxxxxxxx>
On Monday, 4 October 2004 21.51, Örn Hansen wrote:
> On Monday, 04 October 2004 18:54, Anders Johansson wrote:
> > I have no idea what you're talking about, what technology would that be?
> >
> > A quick google gave this:
> >
> > http://www.vnsecurity.net/data/library/heaptut.txt
>
> Thank you for a nice pointer, it just proved my point ... to use any of
> these exploits, you need comprehensive knowledge of the code and program to
> be exploited.

Yes, you're right, every exploit ever created was produced by someone with
access to the source. No one could ever exploit any program ever without
knowing how it was programmed.

> The examples above, use an exploit on argv ... but they rely
> on that a certain argv pointer is used as a variable to execl.
>
> Second, in a properly implemented virtual memory manager ... data pages
> are not executable, and code pages are not writable. And a very well
> implemented memory management, will mark data pages that are loaded at
> runtime (program data) , as read-only (constants). Of course, that leaves
> variables vulnerable to being overrun, if the program doesn't care to
> verify that any buffered input, doesn't overflow. But, what the effect of
> such an action is, greatly depends on the program, the code and requires in
> depth knowledge of that particular scenario. The good old days, of simple
> "overflow the stack, to return to a data page to execute code read into the
> buffer", are gone. Or should be, unless someone didn't read the Computer
> Science textbooks right... never really thought the stuff needed to be
> read over and over again, it's sorta obvious.

I'm sure Theo de Raadt will be glad to hear he can retire now. All he needs to
do is allocate everything on the heap and the world will be a safer place.
And the NSA should be prosecuted for misuse of public funds for that SELinux
stuff, clearly a waste, all they need is a heap and a memory manager
implemented according to the computer science text books. Not to mention all
that Common Criteria nonsense, those guys obviously never studied computer
science, imagine wasting all those millions when all they needed was a heap.
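
Added example, not part of either poster's message: a small C model of the case the quoted text concedes, where an unchecked copy overruns a buffer into a neighbouring variable without any data page ever being executed, next to the length check that prevents it. The layout, names and path strings are constructed for illustration; the neighbours sit in one flat array so the demo itself stays within defined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN  16   /* input buffer */
#define PATH_LEN 16   /* program variable stored right after it */

/* Constructed model of two adjacent objects in one data region. */
struct region { unsigned char bytes[BUF_LEN + PATH_LEN]; };

static void region_init(struct region *r) {
    memset(r->bytes, 0, sizeof r->bytes);
    strcpy((char *)r->bytes + BUF_LEN, "/bin/ls");   /* intended value */
}

static const char *region_path(const struct region *r) {
    return (const char *)r->bytes + BUF_LEN;
}

/* Unchecked copy: trusts the caller's length, so bytes past BUF_LEN
   land in the neighbouring variable. */
static void store_unchecked(struct region *r, const char *in, size_t n) {
    if (n > sizeof r->bytes) n = sizeof r->bytes;    /* keep the model in bounds */
    memcpy(r->bytes, in, n);
}

/* Checked copy: input that does not fit the buffer is rejected. */
static int store_checked(struct region *r, const char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(r->bytes, in, n);
    return 0;
}

/* Returns 1 if the neighbouring variable was changed by the input. */
static int path_corrupted(int use_check) {
    struct region r;
    char input[BUF_LEN + 7];                         /* constructed oversized input */
    region_init(&r);
    memset(input, 'A', BUF_LEN);
    memcpy(input + BUF_LEN, "/tmp/x", 7);            /* 6 chars + NUL */
    if (use_check) store_checked(&r, input, sizeof input);
    else           store_unchecked(&r, input, sizeof input);
    return strcmp(region_path(&r), "/bin/ls") != 0;
}

int main(void) {
    printf("unchecked copy corrupts variable: %d\n", path_corrupted(0));
    printf("checked copy corrupts variable:   %d\n", path_corrupted(1));
    return 0;
}
```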
