Re: Non-executable stack patch

Eric Youngdale (eric@andante.jic.com)
Tue, 10 Jun 1997 07:42:11 -0400 (EDT)


On Mon, 9 Jun 1997, Ingo Molnar wrote:
> this way it would be harder to generate a valid libc address via parameter
> overflow? [i'm assuming that the only open communication channel to get
> attack code into the process is argv[] and envp[]]
>
> Also, an attack warning could be issued if the kernel detects 'illegal'
> characters in parameter strings (for privileged processes only). [how
> 'illegal' is defined depends on locale settings]

There is another point I haven't seen anyone mention. When the
kernel delivers a signal (on i386 anyways), we push a small sequence of
instructions onto the stack that effectively make the sigreturn() syscall.
For this to work, the stack must be executable, since that is where the
small little code fragment that makes the sigreturn syscall can be found.
Blindly prohibiting all stacks from being executable will essentially
completely break signal handling.

-Eric
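An added example, not part of Eric's message or of the patch under discussion, to make the trampoline concrete: it installs a handler, records the address the handler would return to (that address is the sigreturn trampoline), shows the bytes there, and looks the address up in /proc/self/maps to report whether it lies on the stack or in libc/the vDSO. On a current Linux system it is not on the stack: the kernel later accepted SA_RESTORER and a vDSO entry so that libc or the vDSO supplies the stub, which is how non-executable stacks and signal delivery were reconciled. The example assumes Linux on x86 or x86-64 with glibc and GCC or clang. The two i386 byte patterns are the kernel's historic setup_frame encodings of `popl %eax; movl $__NR_sigreturn,%eax; int $0x80` (syscalls 119 and 173); the x86-64 pattern is glibc's `__restore_rt` (`mov $15,%rax; syscall`). The /proc/self/maps excerpt used by `lookup_sample` is constructed for the self-check; `classify_trampoline`, `find_mapping` and `lookup_sample` are names chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Trampoline byte patterns (added example; encodings as described in the lead-in):
 *   popl %eax; movl $119,%eax; int $0x80  -> 58 b8 77 00 00 00 cd 80   (i386 sigreturn)
 *   movl $173,%eax; int $0x80             -> b8 ad 00 00 00 cd 80      (i386 rt_sigreturn)
 *   mov  $15,%rax;  syscall               -> 48 c7 c0 0f 00 00 00 0f 05 (x86-64 rt_sigreturn)
 * The first two are what the old i386 kernel wrote onto the user stack. */
const char *classify_trampoline(const unsigned char *code, size_t len)
{
    static const unsigned char i386_sig[] = {0x58, 0xb8, 0x77, 0, 0, 0, 0xcd, 0x80};
    static const unsigned char i386_rt[]  = {0xb8, 0xad, 0, 0, 0, 0xcd, 0x80};
    static const unsigned char x64_rt[]   = {0x48, 0xc7, 0xc0, 0x0f, 0, 0, 0, 0x0f, 0x05};

    if (len >= sizeof i386_sig && memcmp(code, i386_sig, sizeof i386_sig) == 0)
        return "i386 sigreturn (int 0x80)";
    if (len >= sizeof i386_rt && memcmp(code, i386_rt, sizeof i386_rt) == 0)
        return "i386 rt_sigreturn (int 0x80)";
    if (len >= sizeof x64_rt && memcmp(code, x64_rt, sizeof x64_rt) == 0)
        return "x86-64 rt_sigreturn (syscall)";
    return "unknown";
}

/* Find the /proc/self/maps line covering addr and write "perms path" (or
 * "perms [anon]") into out.  Returns 1 if found, 0 otherwise.  Takes the maps
 * text as a string so it can be exercised on canned input. */
int find_mapping(const char *maps, uintptr_t addr, char *out, size_t outlen)
{
    const char *line = maps;
    while (*line) {
        char buf[512];
        const char *nl = strchr(line, '\n');
        size_t n = nl ? (size_t)(nl - line) : strlen(line);
        if (n >= sizeof buf) n = sizeof buf - 1;
        memcpy(buf, line, n);
        buf[n] = '\0';                       /* one line, so %s cannot run into the next */
        unsigned long long lo = 0, hi = 0;
        char perms[5] = "", path[256] = "";
        int got = sscanf(buf, "%llx-%llx %4s %*s %*s %*s %255s", &lo, &hi, perms, path);
        if (got >= 3 && addr >= lo && addr < hi) {
            snprintf(out, outlen, "%s %s", perms, got == 4 ? path : "[anon]");
            return 1;
        }
        if (!nl) break;
        line = nl + 1;
    }
    return 0;
}

/* Constructed /proc/self/maps excerpt (not captured from a real process). */
const char *sample_maps =
    "7f1000000000-7f1000001000 r-xp 00000000 08:01 4242 /usr/lib/libc.so.6\n"
    "7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd00100000-7ffd00102000 r-xp 00000000 00:00 0 [vdso]\n"
    "7ffd00200000-7ffd00201000 rw-p 00000000 00:00 0\n";

/* Look addr up in sample_maps; returns a static string, "none" if unmapped. */
const char *lookup_sample(uintptr_t addr)
{
    static char out[300];
    return find_mapping(sample_maps, addr, out, sizeof out) ? out : "none";
}

static void *g_ret;               /* return address seen inside the handler */
static unsigned char g_code[16];  /* first bytes of the code it points at  */

static void handler(int sig)
{
    (void)sig;
    g_ret = __builtin_return_address(0);   /* the sigreturn trampoline */
    memcpy(g_code, g_ret, sizeof g_code);
}

int main(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigaction(SIGUSR1, &sa, NULL);
    raise(SIGUSR1);

    static char maps[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t got = f ? fread(maps, 1, sizeof maps - 1, f) : 0;
    if (f) fclose(f);
    maps[got] = '\0';

    char where[300];
    printf("trampoline at %p: %s\nbytes:", g_ret, classify_trampoline(g_code, sizeof g_code));
    for (size_t i = 0; i < sizeof g_code; i++) printf(" %02x", g_code[i]);
    printf("\nmapping: %s\n",
           find_mapping(maps, (uintptr_t)g_ret, where, sizeof where) ? where : "not found");
    return 0;
}
```

On an x86-64 glibc system the mapping line reported is libc's executable segment, not `[stack]`; on i386 it is libc or `[vdso]`. Seeing `[stack]` with an `rwx` mapping would mean the process is still relying on the on-stack trampoline Eric describes, which is exactly the case a non-executable stack would break.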