Re: Unexecutable stack
Martin Dalecki (dalecki@cs.net.pl)
Tue, 28 Dec 1999 09:51:57 +0100
"Mike A. Harris" wrote:
>
> On Mon, 27 Dec 1999, Martin Dalecki wrote:
>
> >> > I've recently played a bit with Solar Designer's patch and it looks that
> >> > it doesn't have any
> >> > significant overhead. Shoudn't it be in the kernel by default(at
> >> > least,SECURE_STACK)?
> >>
> >> Last time when this question was raised was more then year ago (if I recall
> >> correctly) and Linus said that his feeling about unexecutable stack is that
> >> it does not make exploits impossible but insted give you false sense of safety.
> >> So answer is "no". You can add such patch by hands if you wish...
> >
> >And it would prevent anything from working which is emplying the stack
> >as a trampoline to pass around ... guess what ... for example thrown
> >exceptions.
>
> People are always quick to state as fact things that they have
> not looked into. I don't know what the current status is on
> this, but as I understand it, trampolines work with these
> patches. This is all an FAQ. I've read this thread 40 times in
Concerete refferences to anything where not given.
As a merit of fact: if you can't execute code on the stack
trampolines will cease to work. Whatever kind of cludge
in some *special* patch you are speaking about I just can't guess out
from the current solar system constellation. So hold your breath...
--
Marcin Dalecki
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/