Re: Compiler alternatives to no-exec (was Re: non exec stack...)

Kragen (kragen@pobox.com)
Fri, 7 Aug 1998 14:20:06 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andre M. Hedrick: "NO WARS, PLEASE!!!!!!!! (RE: 10 of 12 IDE-Devices...)"
Previous message: Andre M. Hedrick: "Re: 10 of 12 IDE-Devices :: Believe IT or NOT"
In reply to: Alessandro Rubini: "rshaper-1.01, for linux-2.0"

On Fri, 7 Aug 1998, Rene Janssen wrote:
> This is probably not sufficient for all cases. You have to put 2 zero
> guard bytes around the return address to be more secure. Overwriting the
> returnadress can be done from two directions in theory.

It's also not sufficient for multiple overflows in the same function --
if you can overflow the same string multiple times with progressively
shorter strings, you can put the zero back where it belongs after
overwriting the stuff on the other side.

Kragen

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Andre M. Hedrick: "NO WARS, PLEASE!!!!!!!! (RE: 10 of 12 IDE-Devices...)"
Previous message: Andre M. Hedrick: "Re: 10 of 12 IDE-Devices :: Believe IT or NOT"
In reply to: Alessandro Rubini: "rshaper-1.01, for linux-2.0"