Re: Non-Executable Stack Patch

Martin Mares (mj@atrey.karlin.mff.cuni.cz)
Wed, 4 Jun 1997 10:11:41 +0200


Hi,

> I think it's really a shame that the non-executable stack patch doesn't
> seem to be making its way into the kernel as an option.
> I think this is a place where Linux could really have an edge on many
> other UNIX systems.
> At our university these kinds of security patches are very very desirable.
> We even use some much worse patch for Slowlaris to accomplish the same
> thing (on systems with 5000 shell accounts).

Well, the patch helps to improve the security, but only _a_bit_ as you can
simply exploit buffer overruns without any need to put code on the stack by
overwriting a return address with a pointer to some interesting place in libc (remember
that libc contains glue functions for almost all kernel functions including
very interesting ones such as exec) and pass any parameters you wish. Such
exploits are unstoppable by any kind of stack protection patches.

In addition to this, such a patch could even decrease system security as lots
of people believe it solves the problems and then they're much less aware
of old buggy versions of suid programs containing the overruns.

Martin