Re: [Announcement] "Exec Shield", new Linux security feature

• Next message: Trond Myklebust: "Re: [PATCH] remove useless MOD_{INC,DEC}_USE_COUNT from sunrpc"
• Previous message: Trond Myklebust: "Re: [PATCH] remove useless MOD_{INC,DEC}_USE_COUNT from sunrpc"
• In reply to: Calin A. Culianu: "Re: [Announcement] "Exec Shield", new Linux security feature"
• Next in thread: Chuck Ebbert: "Re: [Announcement] "Exec Shield", new Linux security feature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Followup to: <Pine.LNX.4.33L2.0305040243390.2890-100000@rtlab.med.cornell.edu>
By author: "Calin A. Culianu" <calin@ajvar.org>
In newsgroup: linux.dev.kernel
>
> Clearly this address is less than 16MB, so then it must be possible to
> jump to memory below 16MB.
>

There is another issue: x86 uses relative jumps, so although "ASCII
armor" addresses aren't easily accessible using return address smashes
(although the \0 at the end thing is a real issue), you may be able to
get to them through a jump instruction.

        -hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Trond Myklebust: "Re: [PATCH] remove useless MOD_{INC,DEC}_USE_COUNT from sunrpc"
• Previous message: Trond Myklebust: "Re: [PATCH] remove useless MOD_{INC,DEC}_USE_COUNT from sunrpc"
• In reply to: Calin A. Culianu: "Re: [Announcement] "Exec Shield", new Linux security feature"
• Next in thread: Chuck Ebbert: "Re: [Announcement] "Exec Shield", new Linux security feature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 07 2003 - 22:00:20 EST