Re: Public disclosure of discovered vulnerabilities
sci.crypt archive

From: Andrew Swallow <am.swallow@btopenworld.com>
Date: Wed Jun 08 2005 - 03:47:39 CEST

David Wagner wrote:
[snip]
>
> The fact that you bring up stack overflows makes me start to worry all
> over again that we have miscommunicated. It makes me worry that I have
> failed to explain clearly enough what I am trying to say. I want to
> "tread lightly", but I also want to make sure that we are understanding
> each other accurately. I'm unsure how much one can rely on claims
> that "oh yes, we knew all that 20 years ago" if the claimant hasn't
> distinguished between stack overflows vs. the more subtle methods
> I mentioned. Can you reassure me?

It is necessary to distinguish between accidental and deliberate stack
overflows. Computer programs having problems when they write outside
the assigned data area have been known since the earliest days. Probably
by the end of the first month on the first computer. Until recently
these have always been accidental - the computing equivalent of the
programmer shooting himself in the foot. It was known that whatever
happens accidentally can be arranged to happen deliberately; we had just
never seen it happen maliciously.

When programs overwrote code areas they tended to run wild and go into a
silly loop. You debugged them by single-stepping the computer and
placing a breakpoint on the corrupted location. There is a lot of
literature on problems with pointers.

Various methods have been proposed to improve the security of computers.
These include giving each program its own space and requiring it to
stay in it. This particularly applied to multi-user systems. The ICL
1900 system used to abort runaway programs with the error message
"Reservation Violation". BASIC interpreters used to check all array
accesses to catch overflows. These were all operating in the 1960s.
Many systems used to have 4 domains with only very privileged parts of
the operating system having access to the inner area. The memory
management on the x86 microprocessors controls access down to 512 byte
pages. The Plessey S250 used its "capability" system to provide high
security by controlling down to individual words.

On mainframe computers disc systems frequently apply sophisticated
access rights systems on files. The VAX VMS system has a very good one.
This is designed to protect against a person "driving" the attack.

Stack overflow attacks are very complex - the overflow has to be forced,
a data area without protection chosen, malicious code inserted and a
jump to the malicious code forced.

Bill Gates needs to improve his operating system or replace it with a
simpler one.

Andrew Swallow
Received on Thu Sep 29 21:41:12 2005
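The four steps Swallow lists (force the overflow, pick an unprotected data area, insert the malicious payload, force the jump) and the bounds check he credits to 1960s BASIC interpreters, as an added example that is not part of the post. Rather than corrupt a real process stack (whose layout is compiler-dependent and whose corruption is undefined behaviour), the code models one stack frame as a byte array: a 16-byte local buffer followed by a little-endian 32-bit saved return address. The addresses 0x08048000 (legitimate return) and 0xdeadbeef (where the "malicious code" is assumed to sit) are hypothetical constants chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame layout (constructed for this example): a fixed-size local
 * buffer immediately followed by the saved return address, the way a
 * classic stack frame places them. */
#define BUF_SIZE   16
#define FRAME_SIZE (BUF_SIZE + 4)

#define LEGIT_RET  0x08048000u  /* hypothetical legitimate return address */
#define EVIL_ADDR  0xdeadbeefu  /* hypothetical address of injected code   */

struct frame { uint8_t bytes[FRAME_SIZE]; };

/* Zero the buffer and store the saved return address little-endian. */
static void frame_init(struct frame *f, uint32_t ret) {
    memset(f->bytes, 0, FRAME_SIZE);
    for (int i = 0; i < 4; i++)
        f->bytes[BUF_SIZE + i] = (uint8_t)(ret >> (8 * i));
}

/* Read back the saved return address, i.e. where the function would jump. */
static uint32_t frame_ret(const struct frame *f) {
    uint32_t r = 0;
    for (int i = 0; i < 4; i++)
        r |= (uint32_t)f->bytes[BUF_SIZE + i] << (8 * i);
    return r;
}

/* The accidental bug: a strcpy-style copy that trusts the caller's length.
 * The copy is clamped to the simulated frame only so the demo stays
 * well-defined; a real frame has no such stop, and anything beyond the
 * saved return would corrupt the caller's frame too. Returns bytes written. */
static size_t copy_unchecked(struct frame *f, const uint8_t *src, size_t n) {
    size_t i;
    for (i = 0; i < n && i < FRAME_SIZE; i++)
        f->bytes[i] = src[i];
    return i;
}

/* The interpreter-style check: refuse any write that does not fit the
 * buffer. Returns 0 on success, -1 if the input would overflow. */
static int copy_checked(struct frame *f, const uint8_t *src, size_t n) {
    if (n > BUF_SIZE)
        return -1;
    memcpy(f->bytes, src, n);
    return 0;
}

/* Attacker input: filler to reach the end of the buffer, then the target
 * address positioned exactly over the saved return. Returns payload size. */
static size_t build_payload(uint8_t *out, size_t cap, uint32_t target) {
    if (cap < FRAME_SIZE)
        return 0;
    memset(out, 'A', BUF_SIZE);
    for (int i = 0; i < 4; i++)
        out[BUF_SIZE + i] = (uint8_t)(target >> (8 * i));
    return FRAME_SIZE;
}

/* Scenario 1: unchecked copy. Returns the address control would go to. */
uint32_t demo_unchecked(void) {
    struct frame f;
    uint8_t payload[FRAME_SIZE];
    frame_init(&f, LEGIT_RET);
    size_t n = build_payload(payload, sizeof payload, EVIL_ADDR);
    copy_unchecked(&f, payload, n);
    return frame_ret(&f);
}

/* Scenario 2: checked copy. Reports the copy's result code and the saved
 * return address afterwards, which should be untouched. */
static void run_checked(int *rc, uint32_t *ret) {
    struct frame f;
    uint8_t payload[FRAME_SIZE];
    frame_init(&f, LEGIT_RET);
    size_t n = build_payload(payload, sizeof payload, EVIL_ADDR);
    *rc = copy_checked(&f, payload, n);
    *ret = frame_ret(&f);
}

int demo_checked_rc(void)       { int rc; uint32_t r; run_checked(&rc, &r); return rc; }
uint32_t demo_checked_ret(void) { int rc; uint32_t r; run_checked(&rc, &r); return r;  }

int main(void) {
    printf("unchecked copy: would return to 0x%08lx\n",
           (unsigned long)demo_unchecked());
    printf("checked copy:   rc=%d, still returns to 0x%08lx\n",
           demo_checked_rc(), (unsigned long)demo_checked_ret());
    return 0;
}
```

The unchecked path ends with the saved return address replaced by the attacker's value, which is the "jump to the malicious code" step of the post; the checked path rejects the oversized input before the buffer's neighbour is reached. The check costs one comparison per copy, which is the trade the post's 1960s systems were making.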