Re: Non-Executable Stack Patch

Systemkennung Linux (linux@mailhost.uni-koblenz.de)
Wed, 4 Jun 1997 10:29:29 +0200 (MET DST)


> The advantage of the patch is that it will stop the current set of
> attacks that take the form of "find buffer overrun in a program",
> followed by "apply standard toolkit to exploit buffer overrun by putting
> executable code on the stack".
>
> The disadvantage of the patch is that after we apply, within a few
> months we will see a new toolkit of the form "corrupt the stack to point
> the return address into someplace entertaining in libc --- like right
> before an execl call in the implementation of popen()."
>
> The danger is people thinking that with this patch, they don't need to
> worry about finding and fixing buffer overrun bugs in their code....

Theo is right. Especially because that placebo fix of disabling of
execution on the stack will not be possible on all architectures.
Recent postings to bugtraq like
<Pine.A41.3.95.970524155438.20452B-100000@t1.chem.umn.edu> support his
point of view. Certain operating systems like IRIX were simply protected
from that type of attack we're discussing because few of the bad guys
understood the issues so far ...

Ralf