[Python-Dev] OpenBSD anyone?
Kurt B. Kaiser
kbk at shore.net
Wed Dec 24 15:45:16 EST 2003
Guido van Rossum <guido at python.org> writes:
> Double sigh. Strange approach to security.
Their overall approach is outstanding. They understand that the right
thing to do is fix insecure code and they audit their base distro
extensively. I think they have around a dozen people, including some
security professionals, on the audit team.
However, it's not possible to audit all the code in the ports, so they
have implemented several defensive measures which make it more
difficult to mount an attack:
1. ProPolice - anti-stacksmash methods. Sets a canary after the
return address, moves local and argument buffers just below that,
moves other locals below the buffers, and copies argument pointers
into the latter area. If a buffer gets overrun, it nukes the canary.
2. W^X - memory which can be written by an app can't be executed, and
vice-versa, assuming MMU support.
3. Non-executable stack @ 3.2 (note that this can cause problems with
some functional languages)
4. Greatly reduced use of SUID/SGID binaries. Use of chroot and
privilege separation.
It's not surprising there are some residual bugs in the implementation,
at least at 3.3. I haven't moved my box to 3.4 yet.
--
KBK
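The frame layout described in point 1 above is easiest to see with a small model. The following C program is an added example, not code from the post or from OpenBSD/ProPolice: it models a "classic" frame and a ProPolice-style frame as structs (struct members sit at increasing addresses, the same direction an overrun writes in), copies an oversized, constructed 'A'-filled input into the buffer with no bounds check, and reports which slots were clobbered. The struct names, the constant `CANARY_VALUE` and the placeholder values 0x1000/0x2000 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY_VALUE ((uintptr_t)0xCAFEBABE) /* constant here; a real guard is chosen at run time */

/* Classic layout: the buffer is followed (at higher addresses) by another
 * local, here a pointer-typed value, and then the saved return address. */
struct classic_frame {
    unsigned char buf[BUF_SIZE];
    uintptr_t ptr_local;   /* a pointer declared after buf ends up above it */
    uintptr_t saved_ret;
};

/* ProPolice-style layout: pointers and other locals are moved below the
 * buffers, the buffers sit just below the guard, and the guard sits just
 * below the saved return address. */
struct propolice_frame {
    uintptr_t ptr_local;
    unsigned char buf[BUF_SIZE];
    uintptr_t canary;
    uintptr_t saved_ret;
};

struct outcome {
    int pointer_clobbered; /* ptr_local no longer holds its original value */
    int ret_clobbered;     /* saved_ret no longer holds its original value */
    int canary_tripped;    /* guard check would fire; always 0 for classic */
};

/* Copy n bytes of constructed attacker input into buf with no length check.
 * The copy is capped at the end of the model frame so the simulation itself
 * never writes outside the struct it is modelling. */
static void unchecked_copy(unsigned char *buf, size_t room, size_t n) {
    unsigned char payload[64]; /* constructed input: 'A' repeated */
    memset(payload, 'A', sizeof payload);
    if (n > sizeof payload) n = sizeof payload;
    if (n > room) n = room;
    memcpy(buf, payload, n);
}

struct outcome run_classic(size_t n) {
    struct classic_frame f;
    memset(&f, 0, sizeof f);
    f.ptr_local = 0x1000; /* hypothetical pointer value */
    f.saved_ret = 0x2000; /* hypothetical return address */
    unchecked_copy(f.buf, sizeof f - offsetof(struct classic_frame, buf), n);
    struct outcome o = { f.ptr_local != 0x1000, f.saved_ret != 0x2000, 0 };
    return o;
}

struct outcome run_propolice(size_t n) {
    struct propolice_frame f;
    memset(&f, 0, sizeof f);
    f.ptr_local = 0x1000;
    f.canary = CANARY_VALUE;
    f.saved_ret = 0x2000;
    unchecked_copy(f.buf, sizeof f - offsetof(struct propolice_frame, buf), n);
    struct outcome o = { f.ptr_local != 0x1000, f.saved_ret != 0x2000,
                         f.canary != CANARY_VALUE };
    return o;
}

int main(void) {
    size_t n = BUF_SIZE + 4; /* four bytes past the end of buf */
    struct outcome c = run_classic(n), p = run_propolice(n);
    printf("classic  : ptr=%d ret=%d\n", c.pointer_clobbered, c.ret_clobbered);
    printf("propolice: ptr=%d ret=%d canary=%d\n",
           p.pointer_clobbered, p.ret_clobbered, p.canary_tripped);
    return 0;
}
```

With four bytes of overrun the classic layout silently corrupts the pointer below the return address, which is exactly the kind of value an attacker aims for; in the ProPolice layout the same overrun leaves the pointer untouched and lands on the guard instead, so the epilogue check fires before the function returns. The model only shows ordering; the real compiler decides the exact slots, and the real guard value is not a compile-time constant.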