Re: Unexecutable stack

Gabor Lenart (lgb@oxygene.terra.vein.hu)
Mon, 27 Dec 1999 19:12:53 +0100

On Mon, Dec 27, 1999 at 08:37:59PM +0300, Khimenko Victor wrote:
> In <38673F5C.1010C79A@katren.ru> Mike Karmyshev (mike@katren.ru) wrote:
> > Hello.
> > I've recently played a bit with Solar Designer's patch and it looks that
> > it doesn't have any
> > significant overhead. Shoudn't it be in the kernel by default(at
> > least,SECURE_STACK)?
>
> Last time when this question was raised was more then year ago (if I recall
> correctly) and Linus said that his feeling about unexecutable stack is that
> it does not make exploits impossible but insted give you false sense of safety.
> So answer is "no". You can add such patch by hands if you wish...

Hmmm. But kernel contains features marked 'experimental'. Like experimental
things, secure Linux patch can go into kernel with some remark like experimantal.
(in this case: "big warning, ..."). Pre-XFree 4.0 servers seem to segfault
with this patch. Anyone who has got similar sympthoms ?

BTW, restricted proc fs should go into kernel tree (do not care in this case
if unexecutable stack goes in or not), because it's the minimum to have
an ability to hide my processes from others. It's VERY simple and trivial
patch, only alters file access permissions in /proc.

-- 
 ---[ LGB/DC ]------------[ University Of Veszprém ]------[ Lénárt Gábor ]---
     "Life : Never ending story"    "Goal : 42"   "Direction : Unknown"
 ---[ 30/2270823 ]--------[ http://lgb.hal.vein.hu ]---------[ 87/477074 ]---
 finger lgb@hal2000.hal.vein.hu for more  !LINUX!  SMS : lgblgb@westel900.net


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/