Re: executable stacks, a few suggetions
Ingo Molnar (mingo@pc5829.hil.siemens.at)
Mon, 14 Apr 1997 15:41:26 +0200 (MET DST)
> > i would suggest to turn executable stack off only for setuid exec()'s
>
> What about daemons? These are even more important, and, as I'm going to
> explain when posting the final patch, removed stack execution permission
> is possible to bypass in less cases when exploiting remotely than locally.
maybe we could temporarily add it as an ext2fs attribute? exec() honors
this attribute then, and installs the 'safe' code segment when building
the process.
if it's a custom patch, one can abuse all kinds of already existant ext2fs
attributes. [but maybe there is place for a new one?]
-- mingo