Date: Sun, 28 Jun 1998 17:26:30 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: Niall Smart <njs3@doc.ic.ac.uk>
Cc: Patrick McAndrew <pfm@slack.net>, jtb <jtb@pubnix.org>, Wojciech Sobczuk <sopel@hood.1lo.lublin.pl>, fpscha@schapachnik.com.ar, ncb05@uow.edu.au, security@FreeBSD.ORG
Subject: Re: non-executable stack?
Message-ID: <Pine.BSF.3.96.980628171012.1110C-100000@aniwa.sky>
In-Reply-To: <E0yprtC-0006B4-00@oak67.doc.ic.ac.uk>

On Sat, 27 Jun 1998, Niall Smart wrote:

> You misunderstand.  My proposal, seemingly seconded by jtb, was to
> allow the administrator to disallow the presence of non-printable ascii
> characters in the environment or command line arguments at the time of
> execve of certain processes.  We still don't know if this will have any
> effect on security though, since no-one has checked to see if it's possible
> to write shellcode using just printable ASCII.  It would certainly
> make life difficult for the attacker, since it would be impossible to
> overwrite the saved eip with an address on the stack since the stack
> is at the top of the address space around 0xFFxxxxxx or 0xEFxxxxxx.
>
> Niall

I know next to nothing about assembly level programming, but if you mean
that there is a problem because 0xFF and 0xEF are out of bounds, then I
figure this means very little if the attacker has access to a small range
of arithmetic or bitwise operators to generate these characters.

With a little more effort, byte values could perhaps be borrowed from
elsewhere, copying them from addressable locations.

Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
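The check proposed in the quoted text, sketched as an added example (not code from this thread or from FreeBSD): it scans argv and envp for bytes outside printable ASCII and reports where the first one sits. The names `np_hit` and `check_exec_strings` are hypothetical, and it is written as a userland function although the proposal places the check at execve time.

```c
#include <stddef.h>

/* Location of the first rejected byte (hypothetical structure). */
struct np_hit {
    int           found;   /* 1 if a non-printable byte was seen */
    int           in_env;  /* 0 = argv, 1 = envp */
    size_t        index;   /* which string in that vector */
    size_t        offset;  /* byte offset inside that string */
    unsigned char byte;    /* the offending value */
};

/* Printable ASCII is 0x20..0x7E. The test is done on unsigned char so
 * that 0xFF or 0xEF is not seen as a negative value where plain char is
 * signed, and it is deliberately independent of the locale. */
static int is_printable_ascii(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* Scan one NULL-terminated string vector; returns 1 on the first hit. */
static int scan_vector(char *const vec[], int in_env, struct np_hit *hit)
{
    if (vec == NULL)
        return 0;
    for (size_t i = 0; vec[i] != NULL; i++) {
        for (size_t j = 0; vec[i][j] != '\0'; j++) {
            unsigned char c = (unsigned char)vec[i][j];
            if (!is_printable_ascii(c)) {
                hit->found = 1;  hit->in_env = in_env;
                hit->index = i;  hit->offset = j;  hit->byte = c;
                return 1;
            }
        }
    }
    return 0;
}

/* Returns 0 if argv and envp hold only printable ASCII, -1 otherwise.
 * On -1 a caller would refuse the exec and log the contents of *hit. */
int check_exec_strings(char *const argv[], char *const envp[],
                       struct np_hit *hit)
{
    *hit = (struct np_hit){0};
    if (scan_vector(argv, 0, hit) || scan_vector(envp, 1, hit))
        return -1;
    return 0;
}
```

The same test also rejects tabs, newlines and any non-ASCII text such as UTF-8, so legitimate arguments can be refused as well.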