Re: Non-Executable Stack Patch

Theodore Y. Ts'o (tytso@MIT.EDU)
Tue, 3 Jun 1997 21:36:17 -0400


Date: Wed, 04 Jun 1997 02:50:04 +0300
From: Andi Gutmans <andi@vipe.technion.ac.il>

Well, with a non-executable stack most security-conscious system
administrators will sleep better :) I can guarantee that. (Not too much
better as holes always exist but quite a lot).

The advantage of the patch is that it will stop the current set of
attacks that take the form of "find buffer overrun in a program",
followed by "apply standard toolkit to exploit buffer overrun by putting
executable code on the stack".

The disadvantage of the patch is that after we apply, within a few
months we will see a new toolkit of the form "corrupt the stack to point
the return address into someplace entertaining in libc --- like right
before an execl call in the implementation of popen()."

The danger is people thinking that with this patch, they don't need to
worry about finding and fixing buffer overrun bugs in their code....

- Ted