Date: Wed, 5 Mar 1997 09:31:02 +1100 (EST)
From: proff@suburbia.net
To: imp@village.org (Warner Losh)
Cc: hackers@freebsd.org
Subject: Re: Removing execute privs from stack pages
Message-ID: <19970304223102.20286.qmail@suburbia.net>
In-Reply-To: <E0w1ymE-0000oj-00@rover.village.org> from Warner Losh at "Mar 4, 97 11:17:26 am"

> Even making the stack non-executable will not solve the problem.  It
> is possible to use overflows to overwrite function pointers in .data
> or .bss area that are called through (although this is much much
> harder).
>
> Warner

No, it is easier than that. If your heap is executable, you can just
point the pc to data in there (e.g. gethostbyaddr packet buffer)

--
Prof. Julian Assange  |If you want to build a ship, don't drum up people
                      |together to collect wood and don't assign them tasks
proff@iq.org          |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery
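
Added example, not part of the original message: a check for the condition discussed above, where the stack is non-executable but another writable region such as the heap still is. It assumes the Linux-style /proc/<pid>/maps line format (FreeBSD's differs); the sample lines and the path /usr/sbin/exampled are constructed.

```c
#include <stdio.h>
#include <string.h>
struct mapping { int writable, executable; char name[64]; /* "" if anonymous */ };

/* Parse "start-end perms offset dev inode [name]" (assumed format); 0 if malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long long start, end;
    char perms[5] = {0}; int used = 0;
    memset(m, 0, sizeof *m);
    if (sscanf(line, "%llx-%llx %4s %*s %*s %*s%n", &start, &end, perms, &used) < 3 ||
        used == 0 || strlen(perms) != 4 || end <= start)
        return 0;
    m->writable = (perms[1] == 'w');
    m->executable = (perms[2] == 'x');
    sscanf(line + used, " %63s", m->name);  /* names with spaces are cut short */
    return 1;
}

/* Count mappings that are both writable and executable; flag heap and stack. */
int audit_maps(const char *const *lines, size_t n, int *heap_wx, int *stack_wx)
{
    int count = 0;
    *heap_wx = *stack_wx = 0;
    for (size_t i = 0; i < n; i++) {
        struct mapping m;
        if (!parse_maps_line(lines[i], &m) || !(m.writable && m.executable))
            continue;
        count++;
        if (strcmp(m.name, "[heap]") == 0)  *heap_wx = 1;
        if (strcmp(m.name, "[stack]") == 0) *stack_wx = 1;
    }
    return count;
}

/* Constructed sample: stack already non-executable, heap still rwx. */
static const char *const SAMPLE_MAPS[] = {
    "00400000-0040c000 r-xp 00000000 08:01 131 /usr/sbin/exampled",
    "0060c000-0060d000 rw-p 0000c000 08:01 131 /usr/sbin/exampled",
    "01a2b000-01a4c000 rwxp 00000000 00:00 0 [heap]",
    "7ffd1c2e4000-7ffd1c305000 rw-p 00000000 00:00 0 [stack]",
};

int main(void)
{
    int heap, stack, n = audit_maps(SAMPLE_MAPS, 4, &heap, &stack);
    printf("W+X mappings: %d (heap=%d, stack=%d)\n", n, heap, stack);
    return 0;
}
```

A process passes only when the count is zero; a clean [stack] line alone says nothing about the heap or anonymous mappings.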