On Thursday 23 June 2005 13:12, Radek Vokál wrote:
> Hi
Hi Radek,
> has anyone tried compiling ethereal as PIE executable? I was trying to
> do so but without any luck so far. I think it would be great for linux
> systems to compile ethereal with -fPIE option.
>
> For those who don't know about PIE, here's nice snip which explains this
> gcc option.
>
> PIE executables are in themselves randomized, and in addition will
> ignore the prelink "fixing" of addresses, and thus making it near
> impossible to find the address of the app you want to exploit..
>
> With ethereal I like the last part especially :)
That may help a bit, but buffer overflows are not the cause of most security
flaws. Let me quote Theo de Raadt (maintainer of OpenBSD) on this:
"Crispin Cowan has suggested that buffer overflows are the most common
security causing programmer error. I disagree. I believe that we found
more /tmp races in our source tree than buffer overflows."
Anyway, I just find it amazing that in Ethereal more than a million lines of C
run with root privileges...
Ethereal has to be redesigned (as I suggested in a previous post to this
mailing-list, apparently ignored) to minimize the amount of code running with
root privileges. Basically, the only thing Ethereal needs root privileges
for is opening the capture socket, and that could take less than a hundred
lines of code. Once the amount of code running with root privileges is
downsized to about a hundred lines, it will be easily auditable and soon
devoid of security flaws.
Best regards,
--
Sébastien Raveau
computer and network security student
head of the hawKeye network monitor project
http://hawkeye.sourceforge.net/
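The privilege-separated capture setup argued for in the message above, as an added example: this is not Ethereal's code and not from either poster. Only the socket open and the privilege drop run as root; everything after the drop (where the dissectors would live) runs unprivileged and just reads from the inherited fd. It is Linux-specific (AF_PACKET); the interface name "eth0" and the target uid/gid 65534 ("nobody") are assumptions chosen for the example.

```c
/* Added example (not Ethereal's code): open the capture socket as root,
 * then drop to an unprivileged uid/gid before any parsing happens.
 * Linux-only (AF_PACKET). "eth0" and uid/gid 65534 are assumptions. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <linux/if_ether.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 (needs root / CAP_NET_RAW): raw packet socket bound to one
 * interface. Returns the fd, or -1 with errno set. */
int open_capture_socket(const char *ifname)
{
    unsigned int ifindex = if_nametoindex(ifname);
    if (ifindex == 0)
        return -1;                       /* errno ENODEV: no such interface */

    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;                       /* errno EPERM without CAP_NET_RAW */

    struct sockaddr_ll sll;
    memset(&sll, 0, sizeof sll);
    sll.sll_family   = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex  = (int)ifindex;
    if (bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Step 2: drop privileges permanently. Order matters: supplementary
 * groups and gid first (they still need root), uid last. Returns 0 on
 * success, -1 on failure. A drop only counts if root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)                 /* as root this sets real, effective and saved uid */
        return -1;
    if (uid != 0 && (setuid(0) == 0 || geteuid() != uid))
        return -1;                       /* could get root back: not a real drop */
    return 0;
}

/* The entire root-needed path. Returns a capture fd that the now
 * unprivileged process can keep reading from, or -1. */
int privileged_capture_setup(const char *ifname, uid_t uid, gid_t gid)
{
    int fd = open_capture_socket(ifname);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) < 0) {
        close(fd);
        return -1;
    }
    return fd;                           /* an fd opened as root survives the drop */
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "eth0";          /* assumption */
    int fd = privileged_capture_setup(ifname, 65534, 65534);   /* "nobody", assumption */
    if (fd < 0) {
        perror("capture setup");
        return 1;
    }
    /* From here on the process is unprivileged: the dissectors would run
     * here, and a bug in them yields uid 65534 rather than root. */
    unsigned char buf[2048];
    ssize_t n = recv(fd, buf, sizeof buf, 0);
    printf("euid=%u, first frame: %zd bytes\n", (unsigned)geteuid(), n);
    close(fd);
    return 0;
}
```

Run it as root with an interface name as the only argument; the printed euid shows the drop took effect before the first frame was read. The check at the end of drop_privileges is the part worth keeping in any real implementation: setuid() on Linux only clears the saved uid when the caller is root, so a drop that leaves seteuid(0) possible has not dropped anything.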