Re: Security in general (was Re: Proposal "LUID")

From: Horst von Brand (vonbrand@inf.utfsm.cl)
Date: Wed Apr 19 2000 - 10:11:55 EST


Steve VanDevender <stevev@efn.org> said:

[...]

> It's possible (albeit more difficult) to exploit a stack buffer overflow
> on an executable stack remotely with no access to the binary that is
> being exploited. It's not really feasible to exploit a stack buffer
> overflow on a non-executable stack if you don't have access to the
> binary being exploited.

Crackers do have such access; to rely on otherwise is security through
obscurity again. They just find out what version of the distribution you
are running, and consider possible upgrades (or even non-standard CFLAGS or
different compilers for truly desperate attempts at your particular
machine).

-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/


