Re: [PATCH] this patch add a possibility to add a random offset to the stack on exec.

From: Evgeny Polyakov (johnpol@2ka.mipt.ru)
Date: Thu Aug 23 2001 - 11:56:02 EST


Hello.

On Thu, 23 Aug 2001 13:47:31 +0100 (BST)
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

>> "Add a possibility to add a random offset to the stack on exec. This
makes
>> it slightly harder to write generic buffer overflows. This doesn't
really
>> give any real security, but it raises the bar for script-kiddies and
it's
>> really cheap."

AC> Its so slight its useless, and the randomness makes it hard to verify
AC> you
AC> fixed a problem. Remember once an exploit appears a box will get
scanned
AC> hundreds of times - someone will get the right offset 8)

You want to tell, that running 2 process one directky after another( like
exploits do),
and esp will be the same, even with random addition? It's impossible.

But i quite understand your position in this question :(.

AC> There is another good reason for offseting stacks within the page -
AC> especially the kernel stacks which is to avoid things like each apache
AC> task sleeping with wait queues on the same cache colour

---
WBR. //s0mbre
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:59 EST