Debian SbD
Bugs to Stop

This page shows where stopping points are placed with the security enhancements suggested by D:SbD. Not all attack vectors are dampened; it is still possible, for example, to exploit a badly designed e-mail client which, by default, automatically runs attached Perl scripts setuid root without asking. Other buffer overflow attacks, possibly heap-based ones, that involve changing certain data, such as the IP addresses a program connects to, may allow an attacker to have programs send them sensitive information.

Bug diagram

Red paths are functioning exploits. Red boxes are unprotected. Green paths are exploits heading for a partially protected route. Green boxes have protection in certain cases, but not most/all. Blue arrows are paths where exploitation (usually) cannot be guaranteed. Blue boxes show points where exploitation is in many or most cases impossible to guarantee or simply impossible. These classifications are arbitrary and are only meant as a visual aid; take them with a grain of salt.

(1) Stack Smashes are prevented by Stack Smash Protection.

(2) Pointer Corruption from stack smashes, which can affect the program before the "guard" value is checked, can also be prevented with Stack Smash Protection. The IBM Stack Smash Protector copies pointers in function arguments to local variables below buffers.

(3) Return to Libc attacks are prevented by the ASLR in PaX. A system should deploy Position Independent Executables to complete the randomization by allowing PaX to easily map the base of the executable binary at a randomly chosen offset.

(4) Code Injection is impossible to perform directly due to the executable space protections enforced under PaX. Indirect code injection can be done by writing code to a file and using mmap() to map the file in as executable, or by creating and executing scripts; however, this requires repeated successful Return to Libc attacks.
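
Items (1) and (2) can be seen in a small model, added here as an example and not taken from this page or from the IBM Stack Smash Protector: a frame is a flat byte array, and the same out-of-bounds write is applied to a guard-only layout and to a layout that also keeps the pointer copy below the buffer. The offsets, sizes, values and the names GUARD_ONLY, REORDERED and simulate are assumptions made for illustration; the guard-only layout assumes a stack-passed pointer argument above the return slot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a stack frame as a flat byte array (offset 0 = lowest address).
   Offsets, sizes and values are constructed for illustration, not a real ABI. */
enum { FRAME = 48, SLOT = 8 };

struct layout { size_t ptr_off, buf_off, guard_off; };

/* Guard only: buf[16], guard, return slot, then the pointer argument above. */
static const struct layout GUARD_ONLY = { 32, 0, 16 };
/* Guard plus reordering: pointer copy below buf[16], then guard, return slot. */
static const struct layout REORDERED = { 0, 8, 24 };

struct outcome { int ptr_corrupted_at_use; int guard_tripped; };

/* Write n filler bytes upward from the buffer start, as an unchecked copy
   would, then report what the function body and the epilogue would see. */
struct outcome simulate(const struct layout *l, size_t n)
{
    uint8_t frame[FRAME] = { 0 };
    const uint64_t ptr = 0x1122334455667788ULL;   /* constructed pointer */
    const uint64_t guard = 0x00ffaa5500c3d2e1ULL; /* constructed guard */
    uint64_t seen;
    struct outcome o;
    memcpy(frame + l->ptr_off, &ptr, SLOT);
    memcpy(frame + l->guard_off, &guard, SLOT);

    if (n > FRAME - l->buf_off)       /* keep the model inside the array */
        n = FRAME - l->buf_off;
    memset(frame + l->buf_off, 0x41, n);

    memcpy(&seen, frame + l->ptr_off, SLOT);   /* pointer used in the body */
    o.ptr_corrupted_at_use = (seen != ptr);
    memcpy(&seen, frame + l->guard_off, SLOT); /* guard checked at return */
    o.guard_tripped = (seen != guard);
    return o;
}

int main(void)
{
    struct outcome a = simulate(&GUARD_ONLY, 40), b = simulate(&REORDERED, 40);
    printf("guard only: ptr corrupted=%d guard tripped=%d\n",
           a.ptr_corrupted_at_use, a.guard_tripped);
    printf("reordered:  ptr corrupted=%d guard tripped=%d\n",
           b.ptr_corrupted_at_use, b.guard_tripped);
    return 0;
}
```

In the guard-only layout the guard does trip, but the pointer has already been used in its corrupted state; in the reordered layout the same write still trips the guard while the pointer the function uses is untouched.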

Debian is a registered trademark of Software in the Public Interest, Inc. Linux is a Registered Trademark of Linus Torvalds. All trademarks are property of their respective owners. For any questions, comments, or complaints, e-mail nigelenki@comcast.net.