Re: Patch 4/6 randomize the stack pointer

From: jnf
Date: Thu Jan 27 2005 - 16:37:02 EST



>
> Here's self-exploiting code to discover its own return address offset
> and exploit itself. It'll lend some insight into how this stuff works.
>
> Just a toy.
>

While I understand the point here, doesn't it become a moot point if:
a) the stack is reinitialized randomly on each execution
and
b) you have to execute that code from within the address space in order to
get the address of itself, therefore if you could already execute code,
then you don't really need the address and if you did wouldn't it be much
easier to do a (ia32) movl %esp pushl %esp ?

The point is to stop the code execution in the first place by randomizing
the addresses and making it hard to guess the offset, there are a ton of
ways to write code that can find the stack pointer or find itself, however
if you cannot execute that code then it becomes a moot point.

Of course I am not referring to causing loops and such in .text code to
brute force addresses.

cheers,

jnf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
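The thread above argues about whether the stack is "reinitialized randomly on each execution". An added example, not from this thread or the patch, for checking that on a running Linux system: the program re-executes itself a number of times, has each fresh process report the address of a stack local, and ORs together the bits that differed between runs. The popcount of that mask is a rough lower bound on the bits of stack randomization actually in effect (zero means no randomization was observed). It assumes /proc/self/exe exists and that the binary is run from a file; the name "stackcheck" and the "--child" flag are this example's own.

```c
/* Added example (not from the LKML thread): measure how many bits of the
 * initial stack address vary across fresh executions of a process.
 * Assumes Linux with /proc/self/exe available. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Combine the stack addresses observed in separate executions into a
 * mask of every bit that ever differed from the first observation. */
uintptr_t varying_bits_mask(const uintptr_t *addrs, size_t n) {
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addrs[i] ^ addrs[0];
    return mask;
}

/* Number of set bits: a lower bound on the randomized bits of the stack. */
int popcount_bits(uintptr_t v) {
    int c = 0;
    for (; v; v >>= 1)
        c += (int)(v & 1);
    return c;
}

/* Child mode: print the address of a stack local in hex and exit. */
static int child_report(void) {
    volatile int marker = 0;
    printf("%lx\n", (unsigned long)(uintptr_t)&marker);
    return 0;
}

/* Spawn ourselves `runs` times as a brand-new process (fork + exec, so
 * each child gets a freshly laid out address space) and collect the
 * address each child reported. Returns the number of samples gathered. */
size_t collect_stack_addresses(uintptr_t *out, size_t runs) {
    size_t got = 0;
    for (size_t i = 0; i < runs; i++) {
        int fd[2];
        if (pipe(fd) != 0)
            break;
        pid_t pid = fork();
        if (pid < 0) {
            close(fd[0]);
            close(fd[1]);
            break;
        }
        if (pid == 0) {
            /* child: send stdout down the pipe, then re-exec in child mode */
            dup2(fd[1], STDOUT_FILENO);
            close(fd[0]);
            close(fd[1]);
            execl("/proc/self/exe", "stackcheck", "--child", (char *)NULL);
            _exit(127);
        }
        close(fd[1]);
        char buf[64];
        ssize_t r = read(fd[0], buf, sizeof buf - 1);
        close(fd[0]);
        waitpid(pid, NULL, 0);
        if (r > 0) {
            buf[r] = '\0';
            out[got++] = (uintptr_t)strtoul(buf, NULL, 16);
        }
    }
    return got;
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "--child") == 0)
        return child_report();

    enum { RUNS = 32 };
    uintptr_t addrs[RUNS];
    size_t n = collect_stack_addresses(addrs, RUNS);
    if (n < 2) {
        fprintf(stderr, "could not spawn child processes\n");
        return 1;
    }
    uintptr_t mask = varying_bits_mask(addrs, n);
    printf("%zu runs, varying-bits mask %#lx, ~%d bits of stack randomization observed\n",
           n, (unsigned long)mask, popcount_bits(mask));
    /* exit status 2 flags a system where the stack base never moved */
    return mask ? 0 : 2;
}
```

Run it a few times; a kernel that applies the randomization discussed in the thread yields a non-zero mask, while disabling randomization (for instance via the kernel's randomize_va_space setting, where that knob exists) drives the mask to zero. The low page-offset bits will normally show as varying too, since the stack base is shifted within a page as well as by whole pages.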