Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stack-Smashing Protection Added To OpenBSD gcc

Posted by timothy on from the smooshing-still-in-the-wings dept.

DieNadel writes "As posted here, support to ProPolice was added to OpenBSD. You can check the announcement. Note that THERE ARE dependencies that should be taken care of before building a new kernel, even on -stable."

8 of 44 comments (clear)

  1. Performance? by Dan+Ost · · Score: 3, Interesting

    Does anyone know how this impacts the performance
    of the generated executables?

    --

    *sigh* back to work...
  2. yes by honold · · Score: 4, Informative

    perhaps you should look at the project web site?

  3. Not -stable, only -current by stab · · Score: 5, Informative

    Note that THERE ARE dependencies that should be taken care of before
    building a new kernel, even on -stable.

    No, no, no - propolice has only been added into the -current tree, so if you are tracking -stable, continue as before. Only critical fixes go into -stable, certainly nothing as huge as a big GCC patch.

  4. well isn't this just gosh darn great! by F2F · · Score: 4, Insightful

    damn it, why not make the stack grow downwards, like Plan 9 has done? ain't no stack smashing there! hell, no superuser either! (plus private namespaces take care of everything else)

    Spaf: You can't secure a machine with a privileged user.

    1. Re:well isn't this just gosh darn great! by F2F · · Score: 3, Informative

      umm, here is what i mean (see section 4.2)...

    2. Re:well isn't this just gosh darn great! by evilviper · · Score: 3, Interesting
      damn it, why not make the stack grow downwards, like Plan 9 has done? ain't no stack smashing there!

      *Ahem*. No matter which way you go, you will hit something eventually. Throw a ton of noops into the stack, followed by the shellcode, and you've exploited an incrementing* stack.

      * Terms like up & down don't work very well when talking about virtual space, as people may envision it differently. You seem to think of a higher memory address as "down"; others do not.

      Spaf: You can't secure a machine with a privileged user.

      That's nice to hear, but I completely disagree. The only problems it has ever caused is the fact that people are lazy and run everything as Root. Run every service as a normal user, remove SUID everywhere possible, and there is no way anyone can break-in, without a very bad kernel bug, or some sort of system misconfiguration.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    3. Re:well isn't this just gosh darn great! by doug_wyatt · · Score: 4, Insightful
      Spaf: You can't secure a machine with a privileged user.
      evilviper : That's nice to hear, but I completely disagree. The only problems it has ever caused is the fact that people are lazy and run everything as Root. Run every service as a normal user, remove SUID everywhere possible, and there is no way anyone can break-in, without a very bad kernel bug, or some sort of system misconfiguration.
      That's nice to hear, as well, but there have been numerous instances where the privileged user model has caused security problems. The privileged user model forces you to have more authority than you want when you need to do any number of things. That, combined with resource naming indirection (e.g. filenames to inodes) and race conditions (e.g. if (has_certian_attributes(filename)) { delete(filename); } where someone can change what filename refers to beween the if and the then) has a long a ugly history of allowing non-trusted code to trick trusted (i.e. privileged) code to do Bad Things(tm). And it's not because the privileged code should have been run as a normal user, since there are many things that only root can do.

      Just look at how complicated sshd has had to become to try to prevent these kinds of problems. It's unacceptable that every program which needs to do one minor root-only task needs to be this complicated.

      Systems which use explicit non-indirected resource-specific privilige tokens (so you can bestow on an application the rights to do exactly what it needs to be able to do, and nothing more) are much less susceptible to such bugs/attacks.

  5. OpenBSD has lots of new coolness by RazzleDazzle · · Score: 5, Interesting

    They recently got round robin routing included in pf. They also got altq in pf also. They already merged nat.conf into pf.conf. They did a massive suid audit and a major license audit. Now propolice. I though OpenBSD was cool before a lot of this stuff came about. Some things like no-exec code are not available on all architectures though. There is also a calling for more gigabit equipment for furthur and continued testing, read the want pages and I believe Nate for more precise info, and make sure you contact him to make sure you don't get something already being donated.

    --
    ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)