Date:      Mon, 10 Feb 1997 14:18:27 -0700
From:      Warner Losh <imp@village.org>
To:        tqbf@enteract.com
Cc:        dufault@hda.com, freebsd-security@freebsd.org
Subject:   Re: buffer overruns 
Message-ID:  <E0vu37M-0005S4-00@rover.village.org>
In-Reply-To: Your message of "10 Feb 1997 11:59:41 GMT." <19970210115941.27807.qmail@char-star.rdist.org> 
References:  <19970210115941.27807.qmail@char-star.rdist.org>  


In message <19970210115941.27807.qmail@char-star.rdist.org> tqbf@enteract.com writes:
: In article <199702100954.EAA08773@hda.hda.com>, you wrote:
: >Is the stack executable?  I've been assuming the exploits modify
: 
: Yes.

The problem with making the stack non-executable is that it breaks
gcc generated code.  It will place trampoline code on the stack for a
variety of things, and then jump to that code.  Exceptions and nested
scopes come to mind for when this happens, but it has been a while
since I checked this out.

Also, SunOS implements a lazy link for shared libraries.  When the
program starts to execute, it has a bunch of jumps to a routine that
fixes up the jumps to the right place and then jumps there itself.

Warner
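The gcc behaviour Warner refers to can still be seen today. The program below is an added example, not part of the original message or the FreeBSD thread: it defines a GNU C nested function that closes over a local of its parent, takes its address (which forces gcc to build a trampoline in the parent's stack frame), checks that the address lies next to another stack object in the same frame, and then calls through it, which executes code on the stack. The page distance of 4096 bytes and the function names are assumptions of this example. Nested functions are a GNU extension, so the example degrades to a sentinel result under compilers that lack them (clang, for instance).

```c
/*
 * Added example (not from the original message): gcc nested functions
 * need a trampoline, a few bytes of machine code that gcc writes into
 * the enclosing function's stack frame so the nested function can find
 * its static chain (the parent's locals). Taking the nested function's
 * address forces the trampoline to be built; calling through it runs
 * code on the stack, which is why gcc marks such binaries as requiring
 * an executable stack (on ELF targets, PT_GNU_STACK with RWX).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__) && !defined(__clang__)

/*
 * Returns 1 if the trampoline address sits within one page (assumed
 * threshold) of a local in the same frame, i.e. on the stack, and the
 * call through it returns the expected value; 0 otherwise.
 */
int trampoline_on_stack(void)
{
    volatile int captured = 41;   /* local the nested function closes over */
    char marker;                  /* stack object in the same frame, used as a reference */

    /* Nested function: uses `captured`, so it needs the static chain
     * and therefore a trampoline when its address is taken. */
    int add_one(void) { return captured + 1; }

    int (*fp)(void) = add_one;    /* address taken: gcc emits the trampoline now */

    uintptr_t tramp = (uintptr_t)fp;
    uintptr_t frame = (uintptr_t)&marker;
    uintptr_t dist  = tramp > frame ? tramp - frame : frame - tramp;
    int on_stack = dist < 4096;   /* heuristic: same neighbourhood as `marker` */

    /* This call executes the trampoline on the stack. With a strictly
     * non-executable stack it faults instead of returning, which is the
     * breakage the message describes. */
    int result = fp();

    return on_stack && result == 42;
}

#else
/* Compiler without GNU nested functions: nothing to demonstrate. */
int trampoline_on_stack(void) { return -1; }
#endif

int main(void)
{
    int r = trampoline_on_stack();
    if (r < 0)
        puts("compiler does not support GNU nested functions");
    else
        printf("trampoline lives on the stack and runs: %s\n", r ? "yes" : "no");
    return 0;
}
```

After building with gcc on an ELF system, `readelf -l ./a.out | grep GNU_STACK` shows the stack segment flagged RWE rather than RW, which is how the toolchain opts this one binary back into the executable stack that the thread is discussing turning off.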



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0vu37M-0005S4-00>