Re: Unexecutable Stack / Buffer Overflow Exploits...

Oliver Xymoron (oxymoron@waste.org)
Thu, 30 Dec 1999 20:48:10 -0600 (CST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: VT/NH DMG: "Planning an Integrated e-Commerce Strategy Jan 13"
Previous message: Theodore Y. Ts'o: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: Jordan Russell: "RE: (In my eyes) strange arp behaviour"
Next in thread: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Reply: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."

On Thu, 30 Dec 1999, Theodore Y. Ts'o wrote:

> In any case, I suspect that if something randomly added some random
> value between 0 and 128k to the stack pointer at startup time, it would
> also go a fairly long way towards thwarting overrun attacks --- but make
> no mistake, it's still only papering over the problem.

I posted a kernel patch that did this a couple years back. And it's not
really worth it. Assuming you can stick several kB on the stack, you can
easily cut your guessing work factor by a lot.

-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: VT/NH DMG: "Planning an Integrated e-Commerce Strategy Jan 13"
Previous message: Theodore Y. Ts'o: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: Jordan Russell: "RE: (In my eyes) strange arp behaviour"
Next in thread: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Reply: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."