Re: OS stopping stack buffer overflow exploits

From: James Sutherland (jas88@cam.ac.uk)
Date: Sun Jun 04 2000 - 02:29:27 EST


On Sat, 3 Jun 2000, Matthew Dharm wrote:

> On Sat, Jun 03, 2000 at 09:06:46PM -0500, Robert Redelmeier wrote:
> > 2) On syscall entry, the kernel could check the page tables
> > to be sure that the return address is from code pages (read-only),
> > and not from data pages (read-write). The kernel would log and
> > terminate any such process. Kill some nasty bugs this way too.
> > This assumes an exploit can do limited damage without syscalls.
>
> Hrm... this could cause some problems for applications which use
> self-modifying code (i.e. trampoline handlers, etc.)

True. OTOH, certain processors also break quite badly when faced with
self-modifying code...

James.
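
The check Robert Redelmeier proposes in the quoted text, sketched in user space as an added example (not code from this thread or from the kernel): a return address is accepted only if its page is mapped and not writable. The map table in /proc/<pid>/maps format and the three addresses are constructed for illustration; the stack address shows why a legitimate stack trampoline would be flagged, as Matthew Dharm points out.

```c
#include <stdio.h>
#include <string.h>

/* Verdicts for a syscall return address. */
enum verdict { RET_OK, RET_WRITABLE, RET_UNMAPPED };

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char *SAMPLE_MAPS =
    "08048000-08056000 r-xp 00000000 03:01 1234 /bin/example\n"
    "08056000-08058000 rw-p 0000e000 03:01 1234 /bin/example\n"
    "40000000-40013000 r-xp 00000000 03:01 5678 /lib/ld.so\n"
    "bfffe000-c0000000 rwxp 00000000 00:00 0\n";

/* Classify ret_addr against the mappings: accepted only if the page is
   mapped and not writable, as the proposal in the thread describes. */
enum verdict check_return_address(const char *maps, unsigned long ret_addr)
{
    const char *line = maps;
    while (line && *line) {
        unsigned long start, end;
        char perms[5];
        /* Each line starts with "start-end perms"; end is exclusive. */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            ret_addr >= start && ret_addr < end)
            return perms[1] == 'w' ? RET_WRITABLE : RET_OK;
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return RET_UNMAPPED;
}

int main(void)
{
    /* Hypothetical return addresses: program text, the stack (where a
       trampoline or injected code would live), and an unmapped hole. */
    unsigned long addrs[] = { 0x08048a10UL, 0xbffff7c0UL, 0x10000000UL };
    static const char *names[] = { "ok", "writable: log and kill", "unmapped" };
    for (int i = 0; i < 3; i++)
        printf("%08lx -> %s\n", addrs[i],
               names[check_return_address(SAMPLE_MAPS, addrs[i])]);
    return 0;
}
```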



