Date: Wed, 24 Jun 1998 18:02:19 +0400 (MSD) From: Stas Kisel <stas@ssu.ccssu.crimea.ua> To: ncb05@uow.edu.au, njs3@doc.ic.ac.uk, security@FreeBSD.ORG Subject: Re: non-executable stack? Message-ID: <199806241402.SAA11520@ssu.ccssu.crimea.ua>
next in thread | raw e-mail | index | archive | help
> From: njs3@doc.ic.ac.uk (Niall Smart) > Date: Wed, 24 Jun 1998 15:09:30 +0100 > It would be nice to have a filesystem non-executable-stack flag so that > it could be enabled/disabled on a per file basis. Another option would > be to only turn it on for set[ug]id executables. There are a number This option seems not so useful - many buffer overruns are(and will be) written for exploiting via network non-suid daemons, run as root or ever as nobody. E.g. overruns in CGI-scripts. > of other "features" like this that would be useful, for example the > ability to specify that only printable ascii characters can appear in > the arguments or environment of a process before it can exec another. > I haven't checked if its possible to write shellcode using just plain > ascii characters, if you can then this is obviously worthless, but I'd > be surprised if it's possible. \bye Stas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806241402.SAA11520>