Re: Unexecutable stack

Adam J. Richter (adam@yggdrasil.com)
Tue, 28 Dec 1999 04:05:08 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: nag: "Re: linux-kernel-digest V1 #4980"
Previous message: Martin Maciaszek: "Strange behaviour with token ring (update)"
Maybe in reply to: Mike Karmyshev: "Unexecutable stack"
Next in thread: Khimenko Victor: "Re: Unexecutable stack"

If the problem with making the stack unexecutable is a few
pieces of trampoline code, then how about just modifying the few
programs that use this code to mprotect the stack when they actually
need it to be executable? Even if these programs simply made their
entire stack area executable at initialization time, at least the
other programs would be considerably more secure.

I believe this change would eliminate about half of the root
exploits that I see reports of, or, to put it more dramatically, it
would eliminate more exploits than all other improvements combined.

Adam J. Richter __ ______________ 4880 Stevens Creek Blvd, Suite 104
adam@yggdrasil.com \ / San Jose, California 95129-1034
+1 408 261-6630 | g g d r a s i l United States of America
fax +1 408 261-6631 "Free Software For The Rest Of Us."

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: nag: "Re: linux-kernel-digest V1 #4980"
Previous message: Martin Maciaszek: "Strange behaviour with token ring (update)"
Maybe in reply to: Mike Karmyshev: "Unexecutable stack"
Next in thread: Khimenko Victor: "Re: Unexecutable stack"