> Dan Hollis <goemon@sasami.anime.net> writes:
>
> > > * Anti-exec-stack option
> >
> > We *really* need this. Doesn't solaris already have it?
>
> This will only stop current cut'n'paste exploits. When Linux has it as
> standard exploit writers will quickly adapt to it (as shown numerous times),
> and you have the same situation.
>
> -A.
Although, you are partialy right, you have failed to consider all that
goes into that form of exploit:
*there must be a bin that has an overflow
*it must be suid
*the attacker must be able to run it
*the attacker must either create an exploit or get a canned one
With the patch
*the attacker must form the attack into one of the few ways allowed by the
stack patch..
I would guess that very few apps can be exploited with this patch..
When the orignal patch was posted, I offered $50 to anyone who could
produce an exploit for any version of linux running that kernel.. No one
took me up on it..
So, while not perfect, it does make it harder..