Re: Non-executable stack patch

Theodore Y. Ts'o (tytso@MIT.EDU)
Fri, 6 Jun 1997 20:26:56 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: A.N.Kuznetsov: "Re: martians"
Previous message: Paul H. Hargrove: "Re: Ext2fs and hashed table."
In reply to: Solar Designer: "Non-executable stack patch"

From: Solar Designer <solar@false.com>
Date: Fri, 6 Jun 1997 06:42:25 -0300 (GMT+3)

Now, about getting around non-executable stack in an exploit: yes, this is
possible, and the return-into-libc method is probably the best.....

As for remote exploits, it is possible to do the same way, if the attacker
knows the exact version of libc (even the version of the compiler that libc
was compiled with is important).

Considering that most users don't compile their own libc, but use one of
a few standard distributions (or recompiled libc from HJ), this
requirement is not hard. This will especially be true of random
companies who have chosen to use Linux as their Firewall, Web Server, or
whatever.

- Ted

Next message: A.N.Kuznetsov: "Re: martians"
Previous message: Paul H. Hargrove: "Re: Ext2fs and hashed table."
In reply to: Solar Designer: "Non-executable stack patch"