On Wed, Aug 22, 2012 at 7:21 PM, Mike Frysinger <vapier@xxxxxxxxxx> wrote: > On Wednesday 22 August 2012 18:17:37 Jeffrey Walton wrote: >> The posture would have saved a number of folks from, for example, >> Pidgin's latest rounds of Critical Vulnerabilities (memory corruption >> and code execution). No-exec stacks and heaps would have reduced >> many/most to an annoying UI problem (a call to abort()). > > bad example: pidgin doesn't require execstacks (i'm not sure it ever has), so > that would have made 0 difference. I think Pidgin is a perfect example (humbly): http://www.pidgin.im/news/security/ and http://www.securityfocus.com/archive/105/515814. If Pidgin does not require NX stacks and heaps, why was it running with them? Not only did Pidgin not observe an SDLC on Linux, it did not do so on Windows either. "Pidgin for Windows (2.10.6) - Missing DEP and ASLR," http://developer.pidgin.im/ticket/15209, Linux might not have an SDLC, but Microsoft certainly does. > no one does exec-heaps by default ... the > code itself has to explicitly do this, and there's nothing the toolchain could > have done to stop that (not that pidgin enables exec on memory returned by > malloc afaik). only a kernel patch (such as PaX) which explicitly denies > mprotect calls that try to enable exec & write bits simultaneously would have > prevented this scenario proactively. Its unfortunate that most Linux do not do no-exec heaps. Gentoo is an exception with its PaX security. X^W is fine, too. Nothing is befuddling since the defenses are there - all a programmer has to do is ask for them. > in fact, very little to no packages request an executable stack by default. > binary-only packages tend to be the only ones nowadays that do, and that's > usually because the people producing the pkgs have broken code. All code has bugs. Its the reason we should be running with full defenses. Jeff _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
