Stack Smashing and no-exec

Trever Adams (highlander@teleteam.net)
Thu, 06 Aug 1998 22:15:08 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Anthony Barbachan: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Richard Gooch: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Next in thread: H. Peter Anvin: "Re: Stack Smashing and no-exec"
Maybe reply: H. Peter Anvin: "Re: Stack Smashing and no-exec"
Maybe reply: Trever Adams: "Re: Stack Smashing and no-exec"

It is my understanding that if the app is not running as root (whether
that is setuid or real root) the app can't gain root. If such is the
case, I disagree with those who say it is the kernel's responsibility to
keep the system safe. Root is supreme, root is the OS in many ways. If
root takes the system down, heck, that is roots fault. So the mentality
that the OS should protect root from himself (note generic him, none of
the PC crap) is bogus.

If an app can smash its stack and gain root shell without setuid or
root, then it is a problem. If such is the case, please let me know.

Trever

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Anthony Barbachan: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Richard Gooch: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Next in thread: H. Peter Anvin: "Re: Stack Smashing and no-exec"
Maybe reply: H. Peter Anvin: "Re: Stack Smashing and no-exec"
Maybe reply: Trever Adams: "Re: Stack Smashing and no-exec"