Re: Non-executable stack patch

linux kernel account (linker@nightshade.ml.org)
Tue, 10 Jun 1997 23:00:17 -0400 (EDT)


On Wed, 11 Jun 1997, Solar Designer wrote:

> Hello!
>
> Well, thanks for your support... you're missing a few things though...
>
> There're cases when a buffer overflow can be exploited with both patches
> applied, and I didn't try to make that completely impossible (the patch is
> useful if it makes at least some vulnerabilities unexploitable). For example,
> I only make the stack non-executable, other data areas are still executable
> (it's not possible to make them non-executable without moving the user code
> descriptor to the LDT; also some programs depend on them being executable,
> this could be fixed by a similar GPF handler approach though).

Nah.. I'm quite aware of that and the mechanics of your patch.. It's
just that finding a program with the right hole in some standard linux
distribution and making it get you root access would be incredibly hard..
I didn't ask people to design a program that had the right bug.. Or to
search every piece of code on the net for such a bug... Just "Any revision
of any standard distribution".. I've tried to exploit an old copy of
splitvt on one of my test boxes with your patches and have not been
successful yet.. :)

> > Anyone finding a kernel level solution to fixing VM86 stuff while still
> > keeping the second patch's functionality will win the applause of the
>
> No real problem there, already done.
>
That's great... :)