Posted on 01/15/2002 4:54:37 PM PST by Bush2000
What do they need, a signed invitation to write a patch for this?
You hear a lot of these 'stack' bugs on Unix machines but it's only Windows that really has security problems.
LOL!!! Thanks for the ping!
In the early days of programming a programmer had to handle every error. As we went to object-oriented programming and the concepts of code and data abstraction, that approach would no longer work. So the concept of exceptions was invented. When an error occurs the program creates an exception which calls an exception handler function. It goes back up the method and function chain until it reaches the main entry point of the program. Somewhere in this chain the exception is supposed to be trapped and handled. But since this is an abstraction, programmers often do not know about all possible exceptions, so they fail to handle a lot of them. One advantage of exceptions is that an unhandled exception does not crash the program. Unhandled conventional errors usually do. If a hacker can manage to generate an exception that is not handled, the hacker ends up back at the main entry point to the program.
The other thing that programmers do is put the security in last. As the program is run and tested, programmers don't want to keep setting permissions. So they set permissions as zero quantities. Thus if a permission value is set to 0 you have permission and if it is set to 1 permission is denied. By that I mean permissions are turned off. They are not turned on. So if permissions are not turned off, the user has them.
Since an unhandled exception when the program starts puts the cracker at the entry point, if the permissions have not been turned off yet, he is at the entry point with all permissions available to him. Because operating systems set uninitialized objects to zero and zero means you have permission.
I recoded our company's products so a permission has to be set to 1 to enable that permission. A cracker may still find a way into my application, but when he gets in, he has no permissions. All permissions are set to zero and that means in my case he has no permissions, not all. He can't do input, he can't get output. Once he is in, the computer appears totally locked up to the cracker. He just goes away.
With my system, even if the cracker can get into the bank, he still finds the vault is locked; he can't do anything at all. With the Sun, Linux and Windows systems, if a cracker gets into the bank, he finds the vault unlocked and he has total permission to do everything.
All three operating systems need to invert permissions so if the permissions are all zero there are no permissions granted to do anything at all. And if you have zero permissions you can't set anything to give you permissions.
That makes the computer safe. I have never been able to prove that a cracker could not find a way to generate an exception. But I can prove that if he does it on my systems he can't get permission to do anything harmful.
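The two permission encodings contrasted in the post above, as an added example that is not part of the original thread and is not the poster's code: a zero-initialized session record is checked under a "set bit denies" scheme and a "set bit grants" scheme, with and without the setup step having run. The struct, the permission names and the `setup_ran` flag are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical permission bits for this example. */
enum { PERM_READ = 1u << 0, PERM_WRITE = 1u << 1, PERM_ADMIN = 1u << 2 };

typedef struct {
    uint32_t deny_mask;   /* "0 = allowed" encoding: a set bit revokes */
    uint32_t grant_mask;  /* "1 = allowed" encoding: a set bit grants  */
} session_t;

/* Fail-open check: permission is held unless it was explicitly turned off. */
bool allowed_fail_open(const session_t *s, uint32_t perm) {
    return (s->deny_mask & perm) == 0;
}

/* Fail-closed check: permission is held only if it was explicitly turned on. */
bool allowed_fail_closed(const session_t *s, uint32_t perm) {
    return (s->grant_mask & perm) == perm;
}

/* Setup that an early error path may skip; both masks describe "read only". */
bool configure(session_t *s, bool setup_ran) {
    if (!setup_ran) return false;          /* control was diverted before setup */
    s->deny_mask  = PERM_WRITE | PERM_ADMIN;
    s->grant_mask = PERM_READ;
    return true;
}

/* Number of permissions usable in a fresh, zeroed session under one scheme. */
int usable_count(bool setup_ran, bool fail_closed) {
    const uint32_t all[] = { PERM_READ, PERM_WRITE, PERM_ADMIN };
    session_t *s = calloc(1, sizeof *s);   /* all-zero, like an untouched object */
    if (!s) return -1;
    configure(s, setup_ran);
    int n = 0;
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        n += fail_closed ? allowed_fail_closed(s, all[i])
                         : allowed_fail_open(s, all[i]);
    free(s);
    return n;
}

int main(void) {
    printf("setup skipped: fail-open=%d fail-closed=%d\n",
           usable_count(false, false), usable_count(false, true));
    printf("setup ran:     fail-open=%d fail-closed=%d\n",
           usable_count(true, false), usable_count(true, true));
    return 0;
}
```

Both schemes agree once setup has run; they differ only in what an untouched, zeroed record means.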
Bull Sh*t.
There are two axioms that every professional programmer knows. For every offense there is a defense that will prevent it. Defences are always invented after offenses are created.
To program a totally secure program the programmer has to invent all possible attacks and then invent defenses that will prevent all possible attacks.
An attacker has to find one attack that has not been defended against.
The attacker's job is several orders of magnitude easier than the programmer's.
Thought it was, "Windows has NO security problem, because Windows has no security...:)"
No, it's because they either have:
a) No job
b) No life
c) Both a and b
If all I give a program of root's privileges is Raw Socket privileges it is damned hard for the cracker to do much. Stuff can be done but it is a lot easier if you have all of root's permissions.
What you do is patch the kernel so there is a new privilege type that is user plus raw socket privileges. That lets SMTP servers run with just user privileges (it is the SMTP relay component's DNS resolver that needs the raw sockets). You don't need raw sockets for FTP.
Making a program have root privileges in order to do raw sockets is the same thing Bill Gates can be accused of doing ... that is sort of.
However NT contained an undocumented feature that allowed an ordinary user to run a dll that could create raw sockets. Did you ever wonder how you can run ping on an NT/2000 server with just user privileges? PING needs raw sockets. I figured if PING could do it I could too. And I did.
I reverse engineered the DLL that PING called to create the raw socket so a program that knew how to create raw sockets could do so with ordinary user privileges.
I wrote the SMTP, POP3 and IMAP4 components that are included with Delphi. I also wrote the DNS Resolver component. My code created raw sockets without administrator (root) privileges on Windows NT, 2000 and XP Server and Advanced Server.
Microsoft later changed their documentation after people started asking how I did it. In my reverse engineering I discovered that Microsoft had taken the BSD UNIX socket code and only modified it so it would compile with the MS C++ compiler. That was a real discovery. It meant I could use UNIX source to understand windows code.