Re: trusted debian and echo

[Christian Kurz]

On 00-01-05 Othmar Pasteka wrote:
> echo? someone out there?

Yes.

> hmm, once upon a time there was a topic on #debian-devel mentioning ejb
> that he is doing something with trusted debian. so i mailed him but
> never got a reply. does some1 know what he is planing todo? or where is
> this discussed?

I think it has something to do with RSBAC (Rule Set Based Acces
Control). You can find more information about this on www.rsbac.org

Ciao
 Christian
-- 

* Christian Kurz  Debian Developer/QA-Team *
*   Use Debian - a free Operating System   *

trusted debian and echo

[Othmar Pasteka]

Hi,

echo? someone out there?

hmm, once upon a time there was a topic on #debian-devel mentioning ejb
that he is doing something with trusted debian. so i mailed him but
never got a reply. does some1 know what he is planing todo? or where is
this discussed?

so long
Othmar

test

[wild]

test danke
-- 
Gruesse Christoph Marcel Hilberg Marburg 'where do we want to go tomorrow?'
---
pgp 1620432A2029617A6A49875E34772EB0 www2.crosswinds.net/frankfurt/~room10/

FW: Re: Unexecutable Stack / Buffer Overflow Exploits...

[Anton Ivanov]

-BEGIN PGP SIGNED MESSAGE-

Sorry if this have been already discussed. I did not find it in the debian
archives.

This is a very good suggestion. 

- -FW: <[EMAIL PROTECTED]>-

Date: Thu, 30 Dec 1999 19:54:39 -0500
Sender: [EMAIL PROTECTED]
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: Steve VanDevender <[EMAIL PROTECTED]>
Subject: Re: Unexecutable Stack / Buffer Overflow Exploits...
Cc: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]

   From: Steve VanDevender <[EMAIL PROTECTED]>
   Date: Thu, 30 Dec 1999 16:26:02 -0800 (PST)

   Many of the stack-smashing exploits I've seen pad the exploit
   code with a large number of no-op instructions; the return then
   has to point only somewhere into the no-op padding rather than
   directly at the useful part of the exploit code.  Making a
   successful exploit in those cases takes less detailed knowledge
   and a lot fewer attempts before finding a return address that
   works, and it works in many more cases since the frame that gets
   smashed can be located over a much larger range of addresses.

How much is a "large" number of no-op's?  4k?  8k?  Usually it's a lot
less than that; a few hundred no-op's at most.  Remember, you actually
have to send that many bytes down the network connection, and there may
be other things (such as the maximum UDP packet size) which may limit
how big you can make your "no-op runway".  

In any case, I suspect that if something randomly added some random
value between 0 and 128k to the stack pointer at startup time, it would
also go a fairly long way towards thwarting overrun attacks --- but make
no mistake, it's still only papering over the problem.

- Ted


- -
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

- --End of forwarded message-

- --
Anton R. Ivanov
IP Engineer Level3 Communications
RIPE: ARI2-RIPE  E-Mail: Anton Ivanov <[EMAIL PROTECTED]>
@*** Dow's Law ***
  In a hierarchical organization, the higher,
  the greater the confusion.

- --
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBOHMl3ilWAw/bM84zAQEOTwf/WKa8XLQpt1hoovZXsgZUS54Z4Zqv6dCe
DkZaxg8d/VTH/OlwBwgZx61QrAtpbp/8mL/pWpA7iDFX4uhRp5QcfaxxC9wqyt21
NcRAuf6divqHXuzYLuObCe/FocetKuaCw9VlJFwTA0GOBrg/7Jm8TFrdlfgw5jfX
kq1okh1vexjN+k8kT24ZITsYS/Zg1Koqu/D9OBCV1mYrbRoXpuNk4XchE9DYMORz
5jPVxYYke3D3dp9Z205V3WkmZt5CLL2JFhisUx3YSxn6METM1+rUFrlpDw29LbvU
cAqvIgzJg3RHjgGD7Ao07UTFymm0XPziapVPLS3coNj0plW3G3/+hQ==
=zcNw
-END PGP SIGNATURE-