On Mon, Jul 30, 2007 at 09:01:36AM -0700, Ng, Cheon-woei wrote:
> It is my understanding that user space buffer overflow exploits (like
> SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> Gutsy because of implementation of security measures like Address Space
> Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
>
> Questions:
> 1. Is my assumption correct?

For the most part, yes. I like saying "nearly" impossible instead of "basically". Overflow protections can't protect against arbitrary memory-writing bugs, but the ASLR helps make this much harder too.

> 2. Are there any other security measures that I did not mention and I
> should know of?

One bit that didn't get much hype was the heap link-checking that was added via glibc 2.5 in Feisty.

> 3. Is there a link repository where I could find all details of the
> security features included in Feisty Fawn or Gutsy? For example, I am
> looking for a dedicated place in Ubuntu.com where I could find answers
> for questions like these:

There isn't, but writing such a document is near the top of my TODO list.

> a. Is the Address Space Layout Randomization based on PaX?

AFAIK, the ASLR in mainline kernels is based on the work done in RHEL. If that was based on PaX, I'm not certain.

> b. When was this security measure included in Ubuntu?

Stack ASLR happened in Dapper, library (mmap) ASLR happened in Edgy. ASLR of text was going to happen for Feisty, but was pulled from mainline kernels at the last minute. I'm working on getting it back in.

> c. How many bits are randomized?

IIRC, 20 bits.

> d. Is function table randomized?

Do you mean libc function tables? I don't think this will be in Gutsy, as it was only very recently introduced in mainline glibc.

> e. Is Stack Guard part of all applications included in Feisty
> Fawn?

All packages built during and since the Edgy cycle would have been compiled with stack protection. I'm intending to go through and make sure any needing it are rebuilt for sure.

-Kees

--
Kees Cook
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
