[Python-Dev] OpenBSD anyone?

Kurt B. Kaiser kbk at shore.net
Wed Dec 24 15:45:16 EST 2003

Guido van Rossum <guido at python.org> writes:

> Double sigh.  Strange approach to security.

Their overall approach is outstanding.  They understand that the right
thing to do is fix insecure code and they audit their base distro
extensively.  I think they have around a dozen people, including some
security professionals, on the audit team.

However, it's not possible to audit all the code in the ports, so they
have implemented several defensive measures which make it more
difficult to mount an attack:

1. ProPolice - anti-stacksmash methods.  Sets a canary after the
   return address, moves local and argument buffers just below that,
   moves other locals below the buffers, and copies argument pointers
   into the latter area.  If a buffer gets overrun, it nukes the canary.

2. W^X - memory which can be written by an app can't be executed, and
   vice-versa, assuming MMU support.

3. Non-executable stack @ 3.2 (note that this can cause problems with
   some functional languages)

4. Greatly reduced use of SUID/GUID binaries.  Use of chroot and
   priviledge separation.

It's not surprising there are some residual bugs in the implementation,
at least at 3.3.  I haven't moved my box to 3.4 yet.


More information about the Python-Dev mailing list