Re: Unexecutable Stack / Buffer Overflow Exploits...

Steve VanDevender (stevev@efn.org)
Thu, 30 Dec 1999 14:11:00 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve VanDevender: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Previous message: poke: "2.2.12-20 Kernel Panic"

Richard Zidlicky writes:
> On Wed, Dec 29, 1999 at 11:27:33AM -0800, Dan Hollis wrote:
> > And I dont see any reason why this cant be a kernel compile option. If you
> > dont like it, dont enable it. I suspect the vast majority of users will
> > enable it though. I know I would.
>
> Why not even make it a runtime option, programs get nonexec stack by default
> and could do some mmap or other syscall if they realy needed the stack or
> some portion of it executable.
> Are there any technical difficulties I am overlooking?

Yeah. Exploit code that now includes exec("/bin/sh") will
simply precede it with make_stack_executable() if it's
runtime-selectable.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steve VanDevender: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Previous message: poke: "2.2.12-20 Kernel Panic"