Date:      Sun, 30 Jun 2002 03:25:19 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Peter Wemm <peter@wemm.org>
Cc:        arch@FreeBSD.ORG
Subject:   Re: Time to make the stack non-executable?
Message-ID:  <3D1EDC8F.930AE88A@mindspring.com>
References:  <20020630070005.092FD390F@overcee.wemm.org>

Peter Wemm wrote:
> ie: most stack overflow holes would still be exploitable.  It just makes it
> a little harder since you can only push data instead of shellcode.  But
> that's all there is to it, you push your args, then set the return address
> to point to the PLT trampoline and in most cases you are home.
> 
> Making the stack non-executable is not the final solution.  It just raises
> the bar a bit.
> 
> Note that I'm not saying that we shouldn't do it, just do not have
> unrealistic expectations for it.

This is a good point.  The intent was not invulnerability; you
could still buffer overflow to get instructions to scripting
engines, like the JVM, mod_perl, etc., which "execute" data.

I was aware of the libc exploit, but didn't want to really
publicize it that much.  Too late now.  8-).  I expect that
the way around it is to statically link the program: linked
static -> no PLT.  But there are still tons of ways to exploit
badly written code.

The real benefit is to reduce the number of cases in which a
programming mistake results in an exploit, not make things
"exploit proof" (I'm a firm believer in Goedel).

Raising the bar is useful; if nothing else, it sends them to
the house without even cheap locks, and our neighbor's stereo
goes missing instead of ours (not a Pareto-optimal result,
but better than *our* stereo going missing).

-- Terry
