Date: Thu, 12 Jul 2001 17:45:16 -0700 (PDT)
From: Ed Alley
Subject: Re: non-exec stack
Sender: owner-freebsd-security@FreeBSD.ORG

I noticed the following comments in security-digest. My apologies for
jumping into the middle of the conversation.

------
>----- Original Message -----
>From: "solwar"
>To: "alexus"
>Sent: Sunday, July 08, 2001 9:07 PM
>Subject: Re: non-exec stack

>> Most buffer overflow exploits are based on overwriting a function's return
>> address on the stack to point to some arbitrary code, which is also put
>> onto the stack. If the stack area is non-executable, buffer overflow
>> vulnerabilities become harder to exploit.
------

My comment on the above is:

Making the stack non-executable is not the answer because among other
things it would disable signal trampoline code. Even disallowing and exec
is not the answer because one could transfer back into the text area to
get at the int 0x80.