Re: [Fwd: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2

Rene Janssen (rjanssen@ns.oke.nl)
Fri, 07 Aug 1998 09:35:01 +0200


At 04:54 PM 8/6/98 -0400, you wrote:
>IMPORTANT::
>
>Now, this leads to a way to have a truly secure system: an EXPAND-UP
>STACK. With an expand up stack, where the ESP increments rather than
>decrements on a push, you can not overwrite the return address with
>the address of your own function.

This doesn't save you from buffer underflows:

void giant_bug(char *b)
{
    char buf[256], *p=buf+256;
    int x;
    for (x=0;x<1024;++x) *p-- = *b++;
}

Expand-up stacks are not secure either.
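The point made in the message above, as an added example that is not part of the original post: a flat-array model of one stack frame showing which copy direction reaches the saved return address under each stack growth direction. The 8-byte return slot, the layout with the slot directly adjacent to the buffer, and all names here are assumptions of the model, and the downward copy starts at the last byte of the buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 256   /* same size as buf[] in the post */
#define RET_LEN 8     /* assumed width of the saved return address */
#define PAD     1024  /* slack so a 1024-byte overrun stays inside mem[] */
#define MEM_LEN (PAD + RET_LEN + BUF_LEN + RET_LEN + PAD)

enum growth   { GROW_DOWN, GROW_UP };   /* direction the stack expands */
enum copy_dir { COPY_UP, COPY_DOWN };   /* direction the copy loop walks */

/* Model one frame in a flat array and run an n-byte copy loop over it.
 * Returns 1 if the saved return address was modified, 0 if not,
 * -1 if n is larger than the model allows. */
int ret_clobbered(enum growth g, enum copy_dir d, size_t n)
{
    unsigned char mem[MEM_LEN];
    size_t buf = PAD + RET_LEN;          /* index of buf[0] */
    /* The return address is pushed before the locals are allocated, so it
     * sits above buf on a grow-down stack and below buf on a grow-up one. */
    size_t ret = (g == GROW_DOWN) ? buf + BUF_LEN : buf - RET_LEN;
    size_t i, p;

    if (n > PAD)
        return -1;
    memset(mem, 0, sizeof mem);
    memset(mem + ret, 0xAA, RET_LEN);    /* marker for the saved address */

    if (d == COPY_UP)
        for (i = 0, p = buf; i < n; i++) mem[p++] = 0x41;
    else                                 /* starts at the last byte of buf */
        for (i = 0, p = buf + BUF_LEN - 1; i < n; i++) mem[p--] = 0x41;

    for (i = 0; i < RET_LEN; i++)
        if (mem[ret + i] != 0xAA) return 1;
    return 0;
}

int main(void)
{
    const char *gn[] = { "grow-down", "grow-up" }, *dn[] = { "up", "down" };
    for (int g = 0; g < 2; g++)
        for (int d = 0; d < 2; d++)
            printf("%-9s stack, copy walks %-4s, 1024 bytes: return address %s\n",
                   gn[g], dn[d],
                   ret_clobbered((enum growth)g, (enum copy_dir)d, 1024)
                       ? "overwritten" : "intact");
    return 0;
}
```

Changing the growth direction only changes which copy direction reaches the return slot; a copy bounded to the 256-byte buffer leaves it intact in every case.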
