Ethereal-dev: Re: [Ethereal-dev] Compiling ethereal as PIE

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sebastien Raveau <sebastien.raveau@xxxxxxxx>
Date: Thu, 23 Jun 2005 17:44:15 +0200
On Thursday 23 June 2005 13:12, Radek Vokál wrote:
> Hi

Hi Radek,

>  has anyone tried compiling ethereal as PIE executable? I was trying to
> do so but without any luck so far. I think it would be great for linux
> systems to compile ethereal with -fPIE option.
>
> For those who don't know about PIE, here's a nice snip which explains this
> gcc option.
>
> PIE executables are in themselves randomized, and in addition will
> ignore the prelink "fixing" of addresses, and thus making it near
> impossible to find the address of the app you want to exploit..
>
> With ethereal I like the last part especially :)

That may help a bit, but buffer overflows are not the cause of most security 
flaws. Let me quote Theo de Raadt (maintainer of OpenBSD) on this:

"Crispin Cowan has suggested that buffer overflows are the most common 
security causing programmer error. I disagree. I believe that we found 
more /tmp races in our source tree than buffer overflows."

Anyway, I just find it amazing that in Ethereal more than a million lines of C 
run with root privileges...

Ethereal has to be redesigned (as I suggested in a previous post to this 
mailing-list, apparently ignored) to minimize the amount of code running with 
root privileges. Basically, the only thing Ethereal needs root privileges 
for is opening the capture socket, and that could take less than a hundred 
lines of code. Once the amount of code running with root privileges is 
downsized to about a hundred lines, it will be easily auditable and soon 
devoid of security flaws.


Best regards,

-- 
Sébastien Raveau
computer and network security student
head of the hawKeye network monitor project
http://hawkeye.sourceforge.net/

Attachment: pgpQHLaOGEKpo.pgp
Description: PGP signature
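The layout the message argues for, in working form, as an added example that is not Ethereal's code and not code from the message's author: the only privileged step is opening the capture socket; the process then drops to an unprivileged account and verifies that root cannot be regained before a single byte is parsed. The unprivileged uid/gid (65534, "nobody" on many Linux distributions), the AF_PACKET socket (Linux-specific, with a raw IPv4 fallback elsewhere) and the function names are this example's own assumptions.

```c
#define _DEFAULT_SOURCE 1   /* setgroups() visibility on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Assumed unprivileged account; "nobody" is 65534 on many distributions, adjust for your system. */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

#ifndef ETH_P_ALL
#define ETH_P_ALL 0x0003    /* all link-layer protocols (Linux value) */
#endif

/* Step 1: the single operation that needs root (or CAP_NET_RAW). Nothing else in the
 * program should run while the effective uid is 0. */
int open_capture_socket(void)
{
#ifdef __linux__
    return socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
#else
    return socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);   /* fallback: also root-only */
#endif
}

/* Returns 1 only if the process is fully and irreversibly running as uid/gid:
 * real and effective ids match the target, and an attempt to become root fails,
 * which proves the saved set-user-id is no longer 0. */
int privileges_are_dropped(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return 0;                                   /* "dropping" to root is not a drop */
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (setuid(0) != -1 || setgid(0) != -1)         /* must be refused with EPERM */
        return 0;
    return 1;
}

/* Step 2: drop privileges permanently. Order matters: supplementary groups and the
 * gid must be changed while still root, because after setuid() they can no longer be. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* clear inherited group list */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)                            /* as root this sets real, effective and saved uid */
        return -1;
    return privileges_are_dropped(uid, gid) ? 0 : -1; /* never trust the drop without checking */
}

int main(void)
{
    int fd = open_capture_socket();
    if (fd < 0) {
        perror("capture socket (requires root or CAP_NET_RAW)");
        return 1;
    }
    if (drop_privileges(UNPRIV_UID, UNPRIV_GID) != 0) {
        perror("drop_privileges");
        return 1;                                   /* refuse to parse anything as root */
    }
    /* Step 3: from here on the million lines of dissectors would run unprivileged;
     * the already-open descriptor stays valid across the uid change. */
    unsigned char frame[2048];
    ssize_t n = recv(fd, frame, sizeof frame, 0);
    printf("captured %zd bytes while running as uid %u\n", n, (unsigned)getuid());
    close(fd);
    return 0;
}
```

The check in `privileges_are_dropped` is the part worth copying: a drop that forgets `setgroups`, changes the uid before the gid, or leaves the saved uid at 0 will look unprivileged to `geteuid()` yet still allow `setuid(0)` to succeed, which is exactly the condition the function rejects.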