Domesticating applications, OpenBSD style
Posted Jul 22, 2015 7:05 UTC (Wed) by epa (subscriber, #39769)
In reply to: Domesticating applications, OpenBSD style by dlang
Parent article: Domesticating applications, OpenBSD style
Well yeah. Like most security measures it's not a 100% solution and not intended to be. If a few one-line tame() calls scattered among the system utilities' code can prevent just one or two bugs from being exploitable in the future then it will be worthwhile.
I think it would be cool to declare sections of code which can be executed once and then forgotten. For example the initialization code in init() would open files, then the program calls something like scrub_code(&init). This C library routine, with support from the compiler and the kernel, overwrites the init() in the process's text segment so it can never again be executed during the process's lifetime (whether deliberately or through some stack-smashing attack). As long as self-modifying code is prohibited the rest of the time, you can be certain that no further calls to open() can happen simply because they aren't physically present in the program code.
Hmm, thinking about it, this would only work for toy programs that don't have any shared libraries. It doesn't solve the problem of a stack smashing attack jumping to some place in a shared library. So masking out allowed system calls is probably a better approach, combined with some general countermeasures against memory trampling and stack smashing.
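The pattern the comment ends on (do the opens during init, then mask the open syscalls out for the rest of the process lifetime) as an added example, not code from OpenBSD or from the commenter: tame() is OpenBSD-specific, so this uses Linux seccomp-bpf to express the same idea, and it assumes a Linux host with the seccomp headers installed.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_open             /* arches without open(2), e.g. aarch64: */
#define __NR_open __NR_openat /* match openat twice, which is harmless */
#endif

/* Try to open(2) a path; returns 0 on success (fd is closed again) or errno. */
static int open_result(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Mask open/openat out of the allowed syscall set for the rest of the process
 * lifetime; from here on any open attempt fails with EPERM. Returns 0 or -1. */
static int drop_open_syscalls(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 1, 0), /* hit -> deny   */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_open,   0, 1), /* miss -> allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    /* NO_NEW_PRIVS lets an unprivileged process install the filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    /* Exit 0 only if open works before the filter and is EPERM-denied after. */
    if (open_result("/dev/null") != 0 || drop_open_syscalls() != 0)
        return 1;
    return open_result("/dev/null") == EPERM ? 0 : 1;
}
```

A filter meant for real use should also compare seccomp_data.arch before trusting the syscall number, and the same EPERM applies to opens attempted from shared-library code, which is the case the scrub_code() idea could not cover.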