Steve VanDevender <stevev@efn.org> said:
[...]
> It's possible (albeit more difficult) to exploit a stack buffer overflow
> on an executable stack remotely with no access to the binary that is
> being exploited. It's not really feasible to exploit a stack buffer
> overflow on a non-executable stack if you don't have access to the
> binary being exploited.
Crackers do have such access, to rely on otherwise is security through
obscurity again. They just find out what version of the distribution you
are running, and consider possible upgrades (or even non-standard CFLAGS or
different compilers for truly desesperate attempts at your particular
machine).
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:15 EST