Re: Non-Exec stack patches

From: Kurt Garloff
Date: Wed Mar 24 2004 - 17:07:23 EST

Hi Andi,

On Wed, Mar 24, 2004 at 12:27:39PM +0100, Andi Kleen wrote:
Stefan Smietanowski <stesmi@xxxxxxxxxx> wrote:
> > I would THINK they would include the NX bit but that's just a guess of
> > course.
> Most likely yes.
> But who buys such crippled CPUs will have to live with that. Or do a patch.

It should be straightforward. Put a different value in the
protection_map if such a CPU is detected. That should be all.

> NX support is mostly hype anyways, it doesn't give you much advantage.

It puts the hurdle somewhat higher and for some exploits does prevent
them. You can still overwrite the return address, but you need to have
put code into the data section prior to this to exploit. This may or may
not possible depending on how the daemon works. Marking the data section
non-executable would help further ...

It's always a tradeoff. Given the simplicity of the patch, I'm in favour
of having it.

Kurt Garloff <kurt@xxxxxxxxxx> [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Head) <garloff@xxxxxxx> [SUSE Nuernberg, DE]

Attachment: pgp00000.pgp
Description: PGP signature