> Excuse my ignorance, but would someone explain to me why Linux and
> other Unices are vulnerable to buffer overflow exploits? I suspect
> it's because the code, data and stack for a given process is kept in a
> single memory segment, but I'm not at all sure about that. If however,
> I'm right, would Linux Alpha, running on a Harvard architecture 21164,
> be immune from this weakness?
No. The problem can be broken down into the following subproblems:
o C programmers don't believe in bounds-checking. True for most
programmers.
o Addresses and data are stored on the same stack, making it possible to
fool a program into thinking that data is an address. True for basically
any modern architecture.
o Compilers trust the integrity of the stack. True for most compilers.
o The stack growns downwards, making buffer overflows with strings
relatively common. It's possible the other way, it's just less common.
True for most architectures.
o The stack is executable, making it possible to put exploit code to be
directly on the stack. Stack overflows are still exploitable without
this but it's more challenging. Meanwhile some programs rely on
executable stacks. True for most operating systems.
There's currently a good fix for the compiler problem known as Stackguard
which is as close to a real fix as currently exists. Patches exist to
disable execution on the stack, but exploits to bypass it have been shown.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/