Re: Stopping buffer-overflow security exploits using page protection

• Next message: Eric S. Raymond: "CML2 0-7-5 is available"
• Previous message: Anton Blanchard: "Re: [RFC] Merge softirq, local_irq_count, local_bh_count"
• In reply to: Bruce Perens: "Stopping buffer-overflow security exploits using page protection"
• Next in thread: Alan Cox: "Re: Stopping buffer-overflow security exploits using page protection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 28 Jul 2000, Bruce Perens wrote:

> Hi,
>
> Please see http://technocrat.net/964824712/ . Is there any good
> reason that we can not run Linux executables with the execute permission
> turned off, by default, on all stack and data pages?

Sounds suspiciously like a non-exec stack to me - there has been plenty of
discussion of how/why that achieves nothing (you just need to change the
exploit code slightly).

> Wouldn't this stop buffer-overflow security exploits that try to
> inject executable code onto the stack or into function tables? i386
> won't support it, but other architectures do.

It doesn't stop anything - just changes the nature of the exploit needed
(i.e. the skr1pt k1dd13s need to find v2 of their little skr1pt). The
opinion round here seems to be that this isn't worth the hassle?

James.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Eric S. Raymond: "CML2 0-7-5 is available"
• Previous message: Anton Blanchard: "Re: [RFC] Merge softirq, local_irq_count, local_bh_count"
• In reply to: Bruce Perens: "Stopping buffer-overflow security exploits using page protection"
• Next in thread: Alan Cox: "Re: Stopping buffer-overflow security exploits using page protection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:29 EST