heilpern wrote: I've been using grsecurity for only a short while. I understand that it is supposed to be able to thwart overflow exploits, and I think this is in two manners -- restrictions on what a process can launch (execute ACLs) and pax for more basic memory protection.
close, but it's a bit of an oversimplification. i suggest that you check out Brad's LSM presentation slides for more info. in short, PaX aims at preventing certain classes of exploits (not only array overflows, and memory protection is just one feature) while the ACL system lets you confine a successful exploit (again, execution restriction is just one feature). ACLs also have more use in that they confine application behaviour in general, regardless of what drives it (careless programmer, trojan horse, successful exploit, etc).
Is there somewhere I can download a simple set of test programs -- one with an overflow that can be exploited through commandline arguments, and another to exercise it? I would like to use something like this as a test case for my own inspection of the system.
i have a test program myself, but it wasn't written by me and is considered private, so i can't give it out. however i did want to write my own for some time now, especially since there are more features that need testing than at the beginning. if you're interested in writing one (or anyone else for that matter), i can give you a 'checklist' of what should go into such a tool(set). other than that, you can always try to test on known buggy software and working exploits against it.
I recall such an example pair of programs from several years ago -- I believe they may have come with Solar Designer's (antiquated?) linux kernel patch to prevent overflow exploits. I've searched for this and also on the OWL site for such an example, but no luck.
the Owl linux kernel patches have a test program called stacktest.c which works under PaX as well, although it exercises only the non-exec stack and gcc trampoline emulation features.