Re: Non-Executable Stack Patch

Christopher Blizzard (blizzard@appliedtheory.com)
Wed, 04 Jun 1997 09:03:12 -0400


In message <9706040136.AA11175@dcl.MIT.EDU>, "Theodore Y. Ts'o" writes:
: Date: Wed, 04 Jun 1997 02:50:04 +0300
: From: Andi Gutmans <andi@vipe.technion.ac.il>
:
: Well with a non-executable stack most security conscious system
: administrators will sleep better :) I can guarantee that. (Not too much
: better as holes always exist but quite a lot).
:
:The advantage of the patch is that it will stop the current set of
:attacks that take the form of "find buffer overrun in a program",
:followed by "apply standard toolkit to exploit buffer overrun by putting
:executable code on the stack".
:
:The disadvantage of the patch is that after we apply, within a few
:months we will see a new toolkit of the form "corrupt the stack to point
:the return address into someplace entertaining in libc --- like right
:before an execl call in the implementation of popen()."
:
:The danger is people thinking that with this patch, they don't need to
:worry about finding and fixing buffer overrun bugs in their code....
:
: - Ted
:

This was hashed over quite a bit on the bugtraq list. People had a lot of
reservations about using the non-executable stack because of glibc.
Apparently, glibc uses trampolines which require an executable stack.
libc 5 apparently doesn't use them, which is why people have been able to
get away with using this patch up until now.

--Chris

------------
Christopher Blizzard
AppliedTheory Communications, Inc.
http://odin.appliedtheory.com/
blizzard@appliedtheory.com
------------