[Python-Dev] OpenBSD anyone?
Kurt B. Kaiser kbk at shore.net
Wed Dec 24 15:45:16 EST 2003
Guido van Rossum <guido at python.org> writes:
> Double sigh. Strange approach to security.
Their overall approach is outstanding. They understand that the right thing to do is fix insecure code and they audit their base distro extensively. I think they have around a dozen people, including some security professionals, on the audit team.
However, it's not possible to audit all the code in the ports, so they have implemented several defensive measures which make it more difficult to mount an attack:
ProPolice - anti-stacksmash methods. Sets a canary after the return address, moves local and argument buffers just below that, moves other locals below the buffers, and copies argument pointers into the latter area. If a buffer gets overrun, it nukes the canary.
W^X - memory which can be written by an app can't be executed, and vice-versa, assuming MMU support.
Non-executable stack @ 3.2 (note that this can cause problems with some functional languages)
Greatly reduced use of SUID/GUID binaries. Use of chroot and privilege separation.
It's not surprising there are some residual bugs in the implementation, at least at 3.3. I haven't moved my box to 3.4 yet.
-- KBK
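A small C model of the ProPolice frame layout described in the message above, added here as an example; it is not part of the original message and is not ProPolice's own code. The struct, its field names, the canary constant and the fake return address are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed values; a real guard value is chosen at run time. */
#define CANARY   0x2f1d5b7a9c3e6008ULL
#define FAKE_RET 0x1000ULL

/* One modelled stack frame, lowest address first (hypothetical names). */
struct frame {
    uint64_t flag;       /* scalar local: placed below the buffers      */
    char     buf[16];    /* local buffer: placed just below the canary  */
    uint64_t canary;     /* guard word written by the function prologue */
    uint64_t saved_ret;  /* saved return address                        */
};

/* Copy n bytes into the frame starting at buf, as an unchecked copy would.
   The write is clamped to the model frame so the demo stays well-defined.
   Returns 1 if the epilogue check would abort the process, 0 otherwise. */
int run_frame(const char *input, size_t n, struct frame *out)
{
    struct frame f = { .flag = 0, .canary = CANARY, .saved_ret = FAKE_RET };
    unsigned char *base = (unsigned char *)&f;
    size_t start = offsetof(struct frame, buf);

    if (n > sizeof f - start)
        n = sizeof f - start;
    memcpy(base + start, input, n);  /* an overrun walks upward from buf */

    *out = f;
    return f.canary != CANARY;       /* epilogue: verify before returning */
}

int main(void)
{
    char in[32];
    size_t lens[] = { 16, 17, 32 };
    memset(in, 'A', sizeof in);

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct frame f;
        int tripped = run_frame(in, lens[i], &f);
        printf("len=%2zu canary_tripped=%d ret_intact=%d flag_intact=%d\n",
               lens[i], tripped, f.saved_ret == FAKE_RET, f.flag == 0);
    }
    return 0;
}
```

A linear overrun of `buf` cannot reach `saved_ret` without first changing `canary`, and `flag` sits below the buffer so the overrun never touches it.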